F5 LTM – OneConnect


The OneConnect feature works with HTTP Keep-Alives to minimize the number of server-side TCP connections by reusing existing connections for further HTTP requests.
“OneConnect” has 2 methods. They are : OneConnect Profile and OneConnect transformations. Both of which are explained within this article.

HTTP Requests Overview

HTTP/1.1 requests – HTTP/1.1 dictates that HTTP Keep-Alive connections are enabled by default. With HTTP/1.1 the server doesn’t close the connection once the initial request has been completed unless the client issues a ‘Connection: close header’ to the server. Otherwise the connection remains open so that the client can reuse the connection for any additional requests.
HTTP/1.0 requests – HTTP/1.0 does not dictate that HTTP Keep-Alive connections are enabled by default. With HTTP/1.0 the client issues a ‘Connection: close header’ to the server to ensure the connection is closed once the request is complete.

OneConnect Profile

‘The OneConnect Profile’ reuses idle server-side connections so that they can be used for further requests. If the connection is not idle then a new server-side TCP connection is made.
As idle connections are re-used it may appear that traffic is being unevenly balanced.
To enable the OneConnect Profile the necessary profile is selected within the ’Configuration / OneConnect Profile’ section of the Virtual Server.

Source Mask

Within the OneConnect profile one of the main settings you should be aware of is ‘source mask‘. This allows traffic to be sent over an idle server side connection based on the clients source IP matching the source mask.

Example : If the mask is set to Once the TCP connection has been established to the server. If this connection is idle further connections from any client IP from within the /24 mask will reuse the server-side connection. For traffic coming from CDNs (or proxies) it is recommended to use a mask of This is to ensure traffic is distributed equally because the traffic will originate from the same (or a few) source IP addresses.

OneConnect Transformations

‘OneConnect Transformation’ transforms the ‘Connection: close’ headers in HTTP/1.0 client-side requests to ‘X-Cnection: close’ headers on the server side. This ensures that the server does not close the connection once the request is completed, therefore allowing the server to reuse existing connections for additional requests when using HTTP/1.0.
To enable OneConnect Transformations you must add a OneConnect profile to the virtual server and also enable it from within the HTTP profile .


HTTP Pipelining

HTTP pipelining is a feature of HTTP 1.1 that’s allows multiple requests to be sent via single connection without waiting for each response.
OneConnect does not support Pipelining as each request must be initiated after the response from the previous requests have been received. 
Further details can be found at : http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html



Rick Donato

Want to become an F5 Loadbalancers expert?

Here is our hand-picked selection of the best courses you can find online:
F5 BIG-IP 101 Certification Exam – Complete Course
F5 BIG-IP 201 Certification Exam – Complete Course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial