OneConnect Profile in BIG-IP

The OneConnect profile is a BIG-IP feature that optimizes connection management for protocols where connections can be reused, such as HTTP. The sections below describe how it works and the configuration details to watch for:


Key Features

  1. Connection Reuse:

    • OneConnect enables the reuse of server-side connections for multiple client requests, reducing overhead and improving resource efficiency.

    • Works in tandem with HTTP Keep-Alive.

  2. Protocol Compatibility:

    • Supports both HTTP-based and non-HTTP-based traffic.

    • Best suited for protocols with explicit transaction boundaries (e.g., each request/response is in a single packet).

  3. Profiles Required for HTTP Traffic:

    • TCP Profile: For establishing and maintaining TCP connections.

    • HTTP Profile: For handling HTTP-specific traffic.

    • OneConnect Profile: For enabling connection reuse.


Conditions for Use

  • HTTP Keep-Alive:

    • Required for OneConnect functionality with HTTP traffic.

    • Default in HTTP/1.1 (Connection: Keep-alive).

    • Must be explicitly enabled for HTTP/1.0.

  • SNAT and Source Mask:

    • When using SNAT (Source Network Address Translation), the default Source Mask (0.0.0.0) is recommended for efficient connection distribution.

    • A non-zero mask may result in uneven load balancing.

  • Encrypted Traffic:

    • Avoid using OneConnect if traffic remains encrypted between the client and the destination server (e.g., passthrough SSL connections).


Load Balancing and Interference

  • OneConnect can interfere with load-balancing algorithms because idle connections may persist on specific servers, leading to uneven distribution of traffic.

  • It may also interfere with persistence profiles, particularly when sessions need to stick to a specific server.


Connection Limits

  • Limit Type Setting (v11.6.0 and later):

    • None (Default): No additional restrictions on connections.

    • Idle:

      • Drops idle connections when the TCP connection limit is reached.

    • Strict:

      • Enforces strict connection limits, preventing new TCP connections until idle ones expire.

      • Not recommended unless idle timeouts are very short.


Transformations

  • OneConnect Transformations in the HTTP profile:

    • Converts HTTP/1.0 client requests with Connection: close headers into HTTP/1.1 requests.

    • Allows server-side connections to remain open for reuse.

    • Default: Enabled.


Special Considerations

  1. NTLM Authentication:

    • NTLM’s reliance on HTTP 401 responses may cause OneConnect to close connections prematurely.

    • To prevent this, configure an NTLM profile in conjunction with OneConnect.

  2. High Connection Efficiency:

    • The default source mask (0.0.0.0) ensures fewer server-side connections are established and maximizes reuse, improving performance.
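
The effect of the source mask on reuse, as an added example (a simplified Python model, not F5 code). It assumes the mask is ANDed with the client source address to form a reuse key, that requests arrive one at a time for a single pool member, and that a connection goes idle after each response; reuse_key, simulate, compare and the CLIENTS sample are hypothetical names and constructed data.

```python
import ipaddress

def reuse_key(client_ip: str, source_mask: str) -> str:
    """AND the client address with the source mask (model assumption)."""
    ip = int(ipaddress.IPv4Address(client_ip))
    mask = int(ipaddress.IPv4Address(source_mask))
    return str(ipaddress.IPv4Address(ip & mask))

def simulate(requests, source_mask):
    """Replay sequential requests against one pool member.

    Returns (opened, reused): server-side connections opened versus
    requests that were served over an already idle connection.
    """
    idle = {}  # reuse key -> number of idle server-side connections
    opened = reused = 0
    for client_ip in requests:
        key = reuse_key(client_ip, source_mask)
        if idle.get(key, 0) > 0:
            idle[key] -= 1      # take an idle connection with a matching key
            reused += 1
        else:
            opened += 1         # nothing eligible: open a new connection
        idle[key] = idle.get(key, 0) + 1  # response done, connection is idle
    return opened, reused

# Constructed sample: client source addresses in arrival order.
CLIENTS = ["10.1.1.10", "10.1.1.11", "10.1.2.20",
           "10.1.1.10", "10.1.2.21", "192.168.5.5"]

def compare(requests=CLIENTS):
    """Run the same request sequence under three source masks."""
    masks = ("0.0.0.0", "255.255.255.0", "255.255.255.255")
    return {m: simulate(requests, m) for m in masks}

if __name__ == "__main__":
    for mask, (opened, reused) in compare().items():
        print(f"mask {mask:<15} opened={opened} reused={reused}")
```

With the 0.0.0.0 mask every client maps to the same key, so requests from unrelated clients travel over one server-side connection; narrower masks trade that reuse for per-subnet or per-client separation.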
