Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Too many SSL connect for OPTIONS Request - CORS in Azure Kubernetes Cluster

rs232
Nimbostratus
Nimbostratus

Hi there, I am investigating a case where users report very slow page load. And the application is hosted in Azure Kubernetes Cluser (Azure CNI) having F5 as loadbalancer, Checkpoint Firewall and Traefik Ingress controller (just for details). 

  • Ingress coffiguration is set to serve the CORS requests 

However the users are seeing too high Initial and SSL connect time (Order of 1200-2000ms) only for HTTP 204 OPTIONS requests. We are unable to figure out the performance metric on F5 that could help us guage why these SSL connects are too slow. 

I suspect that the cyclic calls going between the PODs and the Load Balancer for SSL handshake/SSL Offload. ssss.jpg

I am not sure if F5 is having issue or any other stack. Any insights related to F5 would be very appreciated.

(As far my past experience, F5 SSL offload was misconfigured on app server caused cycles in the calls between web and app). 

Pl. see attached screenshot as well. 

 

3 REPLIES 3

rs232
Nimbostratus
Nimbostratus

dddd.jpg

Kai_Wilke
MVP
MVP

Hi rs232,

what makes me wonder is that during the SSL negotiation only the User-Agent may know that the SSL channel will be later used for one of those OPTION requests. Hard to imagine that it could be a server side problem...

What happens if you plug a SSL inspection forward proxy (e.g. fiddler) in the communication? 

Using Wireshark with TLS inspection would be my next attempt to figure out what's happening on the wire during those negotiations? 

Cheers, Kai


iRule can do… 😉

rs232
Nimbostratus
Nimbostratus

Ok, good idea. I will check for packet analaysis.