# OneConnect Profile in BIG-IP

The **OneConnect** profile is a feature in BIG-IP designed to optimize connection management for protocols where connections can be reused, such as HTTP. Below are the detailed aspects of how it works and its configuration nuances:

***

#### **Key Features**

1. **Connection Reuse**:
   * OneConnect enables the reuse of server-side connections for multiple client requests, reducing overhead and improving resource efficiency.
   * Works in tandem with **HTTP Keep-Alive**.
2. **Protocol Compatibility**:
   * Supports both **HTTP-based** and **Non-HTTP-based** traffic.
   * Best suited for protocols with explicit transaction boundaries (e.g., each request/response is in a single packet).
3. **Profiles Required for HTTP Traffic**:
   * **TCP Profile**: For establishing and maintaining TCP connections.
   * **HTTP Profile**: For handling HTTP-specific traffic.
   * **OneConnect Profile**: For enabling connection reuse.

***

#### **Conditions for Use**

* **HTTP Keep-Alive**:
  * Required for OneConnect functionality with HTTP traffic.
  * Default in **HTTP/1.1** (`Connection: Keep-alive`).
  * Must be explicitly enabled for **HTTP/1.0**.
* **SNAT and Source Mask**:
  * When using **SNAT** (Source Network Address Translation), the default **Source Mask (0.0.0.0)** is recommended for efficient connection distribution.
  * A **non-zero mask** may result in uneven load balancing.
* **Encrypted Traffic**:
  * Avoid using OneConnect if traffic remains encrypted between the client and the destination server (e.g., passthrough SSL connections).

***

#### **Load Balancing and Interference**

* OneConnect can interfere with **load-balancing algorithms** because idle connections may persist on specific servers, leading to uneven distribution of traffic.
* It may also interfere with **persistence profiles**, particularly when sessions need to stick to a specific server.

***

#### **Connection Limits**

* **Limit Type Setting** (introduced in v11.6.0+):
  * **None (Default)**: No additional restrictions on connections.
  * **Idle**:
    * Drops idle connections when the TCP connection limit is reached.
  * **Strict**:
    * Enforces strict connection limits, preventing new TCP connections until idle ones expire.
    * Not recommended unless idle timeouts are very short.

***

#### **Transformations**

* **OneConnect Transformations** in the HTTP profile:
  * Converts **HTTP/1.0** client requests with `Connection: close` headers into **HTTP/1.1** requests.
  * Allows server-side connections to remain open for reuse.
  * **Default**: Enabled.

***

#### **Special Considerations**

1. **NTLM Authentication**:
   * NTLM’s reliance on HTTP 401 responses may cause OneConnect to close connections prematurely.
   * To prevent this, configure an **NTLM profile** in conjunction with OneConnect.
2. **High Connection Efficiency**:
   * The default source mask (`0.0.0.0`) ensures fewer server-side connections are established and maximizes reuse, improving performance.