SOL4707: Choosing a profile for HTTP traffic
Best Practice
Updated: 7/6/09 7:43 PM
F5 Networks recommends that you assess the needs of each HTTP virtual server individually, using the following information to determine which profile, or profile combination, will best meet the requirements for each virtual server.
Important: The HTTP profile will work in all cases; however, the HTTP profile places BIG-IP in full Layer 7 inspection mode, which can be unnecessarily intensive when used on simple load balancing virtual servers. Thus, the other profile options provided should be considered in instances where the full Layer 7 engine is not necessary for a particular virtual server.
TCP+HTTP
Profiles: TCP+HTTP
Advantage: The HTTP profile can take full advantage of all of BIG-IP's Layers 4 - 7 HTTP/HTTPS features.
When to use: The HTTP profile is used when any of the following features are required:
- TCPexpress and content spooling features reduce server load
- Full OneConnect functionality (including HTTP 1.0 transformations)
- Layer 7 persistence (cookie, hash, universal, and iRule)
- Full HTTP iRules logic
- HTTP FastCache
- HTTP Compression
- HTTP pipelining
- Virtual Server Authentication
- Redirect Rewriting
Limitations:
- More CPU-intensive
- Memory utilization:
- FastCache:
Provisions user-defined memory allocation for cache content for each virtual server that utilizes the given HTTP profile with FastCache enabled. - Compression:
Larger buffer sizes can increase memory utilization when compressing large objects. - TCP offloading/content spooling:
Can increase memory utilization in cases where either the client-side or the server-side of the connection is slower than the other. The BIG-IP will hold the data in the buffer until the slower side of the connection is able to retrieve it.
Note: For more information about the TCP profile, refer to SOL7559: Overview of the TCP profile.
- FastCache:
FastHTTP
Profile: FastHTTP
Advantage: Faster than HTTP profile
When to use: FastHTTP profile is recommended when it is not necessary to use persistence and or maintain source IP addresses. FastHTTP also adds a subset of OneConnect features to reduce the number of connections opened to the backend HTTP servers. The FastHTTP profile requires that the clients' source addresses are translated. If an explicit SNAT or SNAT pool is not specified, the appropriate self IP address is used.
Note: Typically, server efficiency increases as the number of SNAT addresses available to the virtual server increases. At the same time, the increase in SNAT addresses available to the virtual server also decreases the likelihood that the virtual server will reach the point of ephemeral port exhaustion (65535 open connections per SNAT address).
Limitations:
- Requires client source address translation
- Not compatible with persistence
- Limited iRules support L4 and are limited to a subset of HTTP header operations, and pool/pool member selection
- No compression
- No virtual server authentication
- No support for HTTP pipelining
- No TCP optimizations
FastL4
Profile: FastL4
Advantage: Uses PVA to process packets
When to use: FastL4 is limited in functionality to socket level decisions (for example, src_ip:port dst_ip:port). Thus, you can use FastL4 only when socket level information for each connection is required for the virtual server.
Limitations:
- No HTTP optimizations
- No TCP optimizations for server offloading
- SNAT/SNAT pools demote PVA acceleration setting level to Assisted
- iRules limited to L4 events, such as CLIENT_ACCEPTED and SERVER_CONNECTED
- No OneConnect
- Source address or destination address based persistence only
- No compression
- No Virtual Server Authentication
- No support for HTTP pipelining
沒有留言:
張貼留言