Forum Discussion

danielo303_1961
Dec 11, 2012

Runaway Connection Counts on Virtual Server

We have a BigIP 1500 running 9.4.3 which handles about 100 VIPs. The LTM does SSL offload for the backend servers, which are mostly tomcat/http. Throughput is around 60Mbps and average SSL TPS is about 125. The single busiest VIP accounts for 90 percent of the traffic.

Over the past 6 weeks, I have watched the number of active connections on this VIP climb steadily until it is almost 50K at this time. I can display the connections using the "bigpipe conn server 10.30.10.135:443 show" command like so:

[doxenhandler@sjc1-bigip-01:Active] netops b conn server 10.202.10.135:443 show | head
172.16.64.202:64355 <-> 10.30.10.135:https <-> any6:any tcp
172.16.85.187:4433 <-> 10.30.10.135:https <-> any6:any tcp
172.16.87.193:14042 <-> 10.30.10.135:https <-> 10.30.124.23:10011 tcp

I've done some research, and it appears that the connections displaying "any6:any" in the third column are waiting for the LTM to make a load-balancing decision. Using "grep -c" I determined that 48527 connections are in this state, while only 1297 have a complete connection to the back end (those with an IP address in the third column).

The back-end servers are not overloaded, and resources (memory, CPU) on the LTM are moderately utilized.

Has anybody seen connection counts climb like this? Any thoughts on where to look for potential performance bottlenecks?

11 Replies
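
A tally over the connection-table format shown in the post, as an added example that is not part of the original post or of any BIG-IP tooling: it counts entries with "any6:any" in the third column against those with a back-end address, and lists the client IPs holding the most "any6:any" entries, which shows whether they are spread across many clients or concentrated in a few. The function names and the sample lines are constructed for illustration, and IPv4 client addresses are assumed.

```shell
#!/usr/bin/env bash
# Expected line format (as shown in the post):
#   client:port <-> vip:port <-> node:port proto
# On the LTM the input would come from the command in the post, e.g.
#   b conn server <VIP>:443 show | conn_summary 10
# conn_summary and sample_conn_output are hypothetical helper names.

conn_summary() {
    # $1 = number of top clients to list (default 5); table on stdin
    awk -v top="${1:-5}" '
        # Only consider lines shaped like connection entries
        $2 == "<->" && $4 == "<->" {
            client = $1
            sub(/:[0-9]+$/, "", client)    # strip the source port
            if ($5 == "any6:any") {        # no back-end node shown
                pending++
                per_client[client]++
            } else {
                established++
            }
        }
        END {
            printf "pending=%d established=%d\n", pending, established
            # Pick the top N clients by pending count (ties: lowest IP string)
            for (n = 0; n < top; n++) {
                best = ""; max = 0
                for (c in per_client)
                    if (per_client[c] > max || (per_client[c] == max && c < best)) {
                        best = c; max = per_client[c]
                    }
                if (best == "") break
                printf "%s %d\n", best, max
                delete per_client[best]
            }
        }'
}

# Constructed sample input using documentation address ranges
sample_conn_output() {
    cat <<'EOF'
192.0.2.10:64355 <-> 198.51.100.5:https <-> any6:any tcp
192.0.2.10:64356 <-> 198.51.100.5:https <-> any6:any tcp
192.0.2.11:4433 <-> 198.51.100.5:https <-> any6:any tcp
192.0.2.12:14042 <-> 198.51.100.5:https <-> 10.0.0.23:10011 tcp
EOF
}

sample_conn_output | conn_summary 2
```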