Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

HTTP is fast, HTTPS really slow and causes massive FCS failure

ecce_297791
Altocumulus
Altocumulus

‎16-Feb-2018 03:22 - last edited on ‎05-Jun-2023 22:04 by Fog

I have two BIGIP VE's on my laptop I use for lab and education. On both of them (not HA) HTTPS to a VS works, but is painfully slow. A simple web page with a few pictures in it takes 20-30 seconds to load. Unencrypted HTTP is lightning fast.

0691T000006ApozQAC.png

Here is the VS config:

ltm virtual /Common/f5trn.cmos.lab-p443-vs {
    destination /Common/10.1.10.20:443
    ip-protocol tcp
    mask 255.255.255.255
    pool /Common/f5trn.cmos.lab-pool
    profiles {
    /Common/f5trn.cmos.lab {
            context clientside
        }
        /Common/http { }
        /Common/http2 { }
        /Common/tcp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
}

ltm pool /Common/f5trn.cmos.lab-pool {
members {
    /Common/10.1.20.11:80 {
        address 10.1.20.11
    }
    /Common/10.1.20.12:80 {
        address 10.1.20.12
    }
    /Common/10.1.20.13:80 {
        address 10.1.20.13
    }
}
monitor /Common/http
}

A packet capture shows a MASSIVE FCS failure. Every single frame. Same on both sides of the BIGIP.

0691T000006App0QAC.png

Troubleshooting includes:

  • Disabling SSL (removing clientSSL profile). Not slow.
  • Disabling HTTP/2 profile, using HTTP/1.1 (with SSL) instead. Still slow.
  • Using normal clientssl profile. Still slow.
  • Trying another BIGIP VE on the same laptop (standalone). Still slow.
  • Upgrading virtual hardware from v7 to v12. Still slow.
  • Upgrading memory on BIGIP VE 6 > 8 GB RAM. Still slow.
  • CPU load is around 9%
  • Memory usage is >80% high according to the flash-based dashboard. 6 or 8 GB RAM makes no difference. However TMM uses 5.5% of 3.9 GB.
  • The Configuration Utility uses HTTPS and is very responsive.

Other info:

  • LTM, APM and AVR are provisioned
  • The FQDN is resolved via /etc/hosts file
  • BIGIP version is 13.1
  • My laptop is a MacBook Pro with core i7 with 16GB RAM and not slow or heavily loaded with anything else.

Any ideas to why SSL seems to cause this behaviour?

Labels:
0 Kudos
2 REPLIES 2

Daniel_Varela
F5 Employee
F5 Employee

‎16-Feb-2018 04:17

Be careful with the captures taken from you VE, it automatically adds some trailing information/ debugging details, you need to install a plugin in your wireshark to have access to it (you can easily find it devcentral). If you don't have the plugin is normal you see the FCS errors.

 

Regarding the slowness, it looks like the problem is mainly in the images. Can you configure an http acceleration profile to cache the images in your VE and see the difference? Maybe your problem is on the backend server. I suggest you try first HTTP1.1 and when you solve the problem you continue with HTP2.

 

0 Kudos

JoeTheFifth
Altostratus
Altostratus

‎13-Jan-2020 05:10

A bit late but this might help future users:

tmsh show /sys license detail | grep perf_VE_throughput_Mbps

This will show you your license throughtput. Trial VE is limited to 2Mbps.

 

https://support.f5.com/csp/article/K14356

 

0 Kudos
Copyright © 2023 Khoros, LLC