F5 FastL4 Profile

FastL4
FastL4 is limited in functionality to socket level decisions (for example, src_ip:port dst_ip:port).
Thus, you can use FastL4 only when socket level information for each connection is required for the virtual server.
What exactly does socket level decision mean?
It means that you can’t be trying to process anything above Layer 4. So no iRules, no header insertions, no cookie persistence, etc.
But, on a virtual server that does not require any Layer 7 decision-making, using the FastL4 profile will cause the connection to be processed in the PVA (the Packet Velocity Accelerator ASIC on LTM) and can give you greater performance

The PVA is a hardware acceleration chip that delivers high performance L4 throughput and denial-of-service (DoS) protection.
The PVA can operate in the following three modes:
– Full Acceleration (Full)
All traffic is load balanced using Layer 4 features, such as virtual servers that operate only on IP addresses and ports of incoming traffic. The Full acceleration mode is not compatible with Layer 7 features, such as cookie persistence, header insertion, and rules that operate on data payload content.
– Partial Acceleration (Assisted)
The first packets in each connection are processed in software, and each packet thereafter is accelerated. This process allows the software to make decisions based on Layer 4 content, but accelerates the traffic once the load balancing or persistence determination has been made.
– No Acceleration (None)
No traffic is accelerated.

 

The Fast HTTP profile type

The Fast HTTP profile is a configuration tool designed to speed up certain types of HTTP connections. This profile combines selected features from the TCP Express, HTTP, and OneConnect profiles into a single profile that is optimized for the best possible network performance. When you associate this profile with a virtual server, the virtual server processes traffic packet-by-packet, and at a significantly higher speed.

You might consider using a Fast HTTP profile when:

  • You do not need features such as remote server authentication, SSL traffic management, and TCP optimizations, nor HTTP features such as data compression, pipelining, and RAM Cache.
  • You do not need to maintain source IP addresses.
  • You want to reduce the number of connections that are opened to the destination servers.
  • The destination servers support connection persistence, that is, HTTP/1.1, or HTTP/1.0 with Keep-Alive headers. Note that IIS servers support connection persistence by default.
  • You need basic iRule support only (such as limited Layer 4 support and limited HTTP header operations). For example, you can use the iRule events CLIENT_ACCEPTED,SERVER_CONNECTED, and HTTP_REQUEST.

A significant benefit of using a Fast HTTP profile is the way in which the profile supports connection persistence. Using a Fast HTTP profile ensures that for client requests, Local Traffic Manager can transform or add an HTTP Connection header to keep connections open. Using the profile also ensures that Local Traffic Manager pools any open server-side connections. This support for connection persistence can greatly reduce the load on destination servers by removing much of the overhead caused by the opening and closing of connections.

Note: The Fast HTTP profile is incompatible with all other profile types. Also, you cannot use this profile type in conjunction with VLAN groups, or with the IPv6 address format.

 

When writing iRules, you can specify a number of events and commands that the Fast HTTP profile supports.

You can use the default fasthttp profile as is, or create a custom Fast HTTP profile.

The UDP profile type

The UDP profile is a configuration tool for managing UDP network traffic.

Because the BIG-IP system supports the OpenSSL implementation of datagram Transport Layer Security (TLS), you can optionally assign both a UDP and a Client SSL profile to certain types of virtual servers.

The SCTP profile type

Local Traffic Manager includes a profile type that you can use to manage Stream Control Transmission Protocol (SCTP) traffic. Stream Control Transmission Protocol (SCTP) is a general-purpose, industry-standard transport protocol, designed for message-oriented applications that transport signalling data. The design of SCTP includes appropriate congestion-avoidance behavior, as well as resistance to flooding and masquerade attacks.

Unlike TCP, SCTP includes the ability to support several streams within a connection. While a TCP stream refers to a sequence of bytes, an SCTP stream represents a sequence of messages.

You can use SCTP as the transport protocol for applications that require monitoring and detection of session loss. For such applications, the SCTP mechanisms to detect session failure actively monitor the connectivity of a session.

 

 

Troubleshooting:

running a Packet capture on FastL4 will not be complete. You must change the profile to a  standard TCP profile for the capture to give full information on the traffic

Case Study:

Case Study – F5 Load Balancer and TCP Idle Timer – fastL4 Profile.pdf

 

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.