fir3net
PPS-Firenetbanner-780.5x190-30-03-17

F5 LTM - OneConnect

Overview

The OneConnect feature works with HTTP Keep-Alives to minimize the number of server-side TCP connections by reusing existing connections for further HTTP requests.
“OneConnect” has 2 methods. They are : OneConnect Profile and OneConnect transformations. Both of which are explained within this article.

HTTP Requests Overview

HTTP/1.1 requests - HTTP/1.1 dictates that HTTP Keep-Alive connections are enabled by default. With HTTP/1.1 the server doesn't close the connection once the initial request has been completed unless the client issues a ‘Connection: close header’ to the server. Otherwise the connection remains open so that the client can reuse the connection for any additional requests.
HTTP/1.0 requests - HTTP/1.0 does not dictate that HTTP Keep-Alive connections are enabled by default. With HTTP/1.0 the client issues a ‘Connection: close header’ to the server to ensure the connection is closed once the request is complete.

OneConnect Profile

‘The OneConnect Profile’ reuses idle server-side connections so that they can be used for further requests. If the connection is not idle then a new server-side TCP connection is made.
As idle connections are re-used it may appear that traffic is being unevenly balanced.
To enable the OneConnect Profile the necessary profile is selected within the ’Configuration / OneConnect Profile’ section of the Virtual Server.

Source Mask

Within the OneConnect profile one of the main settings you should be aware of is 'source mask'. This allows traffic to be sent over an idle server side connection based on the clients source IP matching the source mask.

Example : If the mask is set to 255.255.255.0. Once the TCP connection has been established to the server. If this connection is idle further connections from any client IP from within the /24 mask will reuse the server-side connection. For traffic coming from CDNs (or proxies) it is recommended to use a mask of 255.255.255.255. This is to ensure traffic is distributed equally because the traffic will originate from the same (or a few) source IP addresses.

OneConnect Transformations

‘OneConnect Transformation’ transforms the ‘Connection: close’ headers in HTTP/1.0 client-side requests to ‘X-Cnection: close’ headers on the server side. This ensures that the server does not close the connection once the request is completed, therefore allowing the server to reuse existing connections for additional requests when using HTTP/1.0.
To enable OneConnect Transformations you must add a OneConnect profile to the virtual server and also enable it from within the HTTP profile .

Miscellaneous

HTTP Pipelining

HTTP pipelining is a feature of HTTP 1.1 that's allows multiple requests to be sent via single connection without waiting for each response.
OneConnect does not support Pipelining as each request must be initiated after the response from the previous requests have been received. 
Further details can be found at : http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html

Reference

https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html

Tags: BIG-IP F5

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001