LTM OneConnect Profile for short API http request
We have some client using API calls to our servers and they are short live request, these web servers are not browsable they just serve API. We have notice request rate is very high which i am seeing 900 TLS almost and i have notice our Web (apache) getting timeout sometime because of very high connection rate on webserver on netstat i am seeing thousands of TIME_WAIT so definitely my server running out of resources even server CPU load is 1% or 2% We are thinking to use OneConnect Profile but not sure its going to benefit us or not and how? I read about OneConnect profile but i am little confused and need some advice how we should utilize it. Question: If we use OneConnect does that means it will open only few connection to server right? We are using Auto Map SNAT so what will be impact on OneConnect Profile also we are using XFF feature to extract client IP. What if we disable HTTP 1.1 on apache webserver which will close connection faster in that case how does OneConnect profile behave? for test i have enabled oneconnect profile on our Dev LTM and send some http request from multiple but i am seeing its opening individual connect to server and not bundle them in single connection (We are using Mask 0.0.0.0) is that how openconnect works?
OneConnect and SNAT
Dear Folks, I have got confused while learning OneConnect, need your help for better understanding. I am referring SOL7208 and got stuck with following line under the section OneConnect and SNATs. When a client makes a new connection to a BIG-IP virtual server configured with a OneConnect profile and Secure Network Address Translation (SNAT), the BIG-IP system parses the HTTP request, selects a server using the load-balancing method defined in the pool, translates the source IP address in the request to the SNAT IP address, and creates a connection to the server. When the client's initial HTTP request is complete, the BIG-IP system temporarily holds the connection open and makes the idle TCP connection to the pool member available for reuse. When a new connection is initiated to the virtual server, the BIG-IP system performs SNAT address translation on the source IP address, and then applies the OneConnect source mask to the translated SNAT IP address to determine whether it is eligible to reuse an existing idle connection. Please help me understanding the BOLD lines. Thank you,