DBornack_260324
Mar 08, 2018

APM SSL VPN Slow Performance

Having the usual slow throughput/performance APM problem as a lot of people seem to have.

 

However, I think it's worth mentioning that I'm only using APM for SSL VPN purposes.

 

So, we have a 1Gbit Internet connection, into FWs that connect to our core environment at 10Gig. The F5 connects at 1Gig. Our speedtests hover around the mid 900s for up/down.

 

I just discovered messing around with the TCP Profiles, and I've spent an entire day on it, and I don't think I'm making any progress.

 

Anyways, when connected directly to the network that the APM VS answers on, I'm getting speedtest results of 20/10. That's right, 20 down, 10 up.

 

The F5 is a new install, and no one is even on it yet. Nothing else running on the F5 (i2600 hardware) but APM. Nothing else. We have a simple access profile, the F5 hands out an IP, and gives the SSL Clients access.

 

Where is the issue here? There's no overhead. There's no latency. I understand taking a little performance hit while encrypting the packets, but COME ON.

 

I even upgraded to 13.1 so I could try the new TCP Profiles, like Progressive, etc.

 

This is appalling. I can't understand why APM works like this.

 

I've found this problem following a couple of our other APMs as well. So this isn't quite related to just this site.

 

3 Replies

  • DenisG_22372
    Historic F5 Account

    Okay, so for anyone else that was maybe having issues with this, I found a couple of things I needed to configure. Create the UDP Virtual Server; it will need a client SSL Profile. I was using a super strong Cipher one and I could never connect with DTLS. I found an article that helped me. So I found that I had to use a different client SSL profile and set the cert to the one you are using on the main VPN Virtual server, and set the Cipher string to DEFAULT:RFCDTLS to disable hardware acceleration (I am using a Virtual Edition). Once I did this my F5 APM Client on my iOS device is now showing DTLSv1 in version and UDP as the protocol and it is connecting way faster than it did before. Hope this helps someone.

     

  • PatD

    I have tried a new DTLS cert profile with a weaker cipher and still get 30 meg down. Has anyone managed to find a solution to this issue?