29-Nov-2022 06:02
Hi there, I am investigating a case where users report very slow page load. And the application is hosted in Azure Kubernetes Cluser (Azure CNI) having F5 as loadbalancer, Checkpoint Firewall and Traefik Ingress controller (just for details).
However the users are seeing too high Initial and SSL connect time (Order of 1200-2000ms) only for HTTP 204 OPTIONS requests. We are unable to figure out the performance metric on F5 that could help us guage why these SSL connects are too slow.
I suspect that the cyclic calls going between the PODs and the Load Balancer for SSL handshake/SSL Offload.
I am not sure if F5 is having issue or any other stack. Any insights related to F5 would be very appreciated.
(As far my past experience, F5 SSL offload was misconfigured on app server caused cycles in the calls between web and app).
Pl. see attached screenshot as well.
29-Nov-2022 22:38 - edited 30-Nov-2022 00:59
Hi rs232,
what makes me wonder is that during the SSL negotiation only the User-Agent may know that the SSL channel will be later used for one of those OPTION requests. Hard to imagine that it could be a server side problem...
What happens if you plug a SSL inspection forward proxy (e.g. fiddler) in the communication?
Using Wireshark with TLS inspection would be my next attempt to figure out what's happening on the wire during those negotiations?
Cheers, Kai