Hello,
For reference here is the OneConnect Overview article.
The article makes it clear, the F5 does not select a pool member based on available idle connections, it selects a pool member based on the load balancing algorithm.
OneConnect selection process
- Request comes in, pool selection takes place etc.
- Load balancing decision based on persistence or algorithm.
- Apply mask to translated source address.
- Re-use idle connection and mark in-use, or open new connection and mark in-use.
- Inspect server response:
a. 200, 206, 3xx: eligible for re-use, mark connection idle.
b. anything else: not eligible for re-use, close the connection.
It is possible to override the default OneConnect re-use behavior via iRule and/or db setting
sys db tmm.http.oc.droponerror
.
OneConnect Mask
The mask on the OneConnect profile only applies to the server-side connection. If you SNAT all connections to a single address, the mask on the OneConnect profile for all intents and purposes is irrelevant.
Your scenario
In your round-robin scenario, the requests that come into the F5 will be balanced round-robin on a per-request basis.
As long as you don't have persistence:
- request 1 --> server 1
- request 2 --> server 2
If you want to test the behavior, you could try these steps:
- Configure a 255.255.255.255 mask in your OneConnect profile.
- Write a simple iRule to SNAT to a different IP if the request is from your test browser/client.
- Run tcpdump to capture the traffic server-side from the specific SNAT address from the iRule.
If you capture with noise and view in Wireshark with the F5 plugin, you can see which client-side connections are associated with the server-side connections.
Reducing connections
It is true, OneConnect can be used to reduce server-side TCP connections. However, it is important to keep the end goal in mind: performance.
- It's better to have all servers handling requests from a single client-side connection than 1.
- Connection setup is time-consuming, it's better to keep a connection open as long as possible.
The load balancing algorithm on the F5 is one of the tools F5 provides to put you in control of load distribution. I don't think of OneConnect as a way to "reduce server-side connections handled by the F5", the F5 is more than capable of handling lots of server-side connections.
OneConnect is another tool that works in concert with your load balancing algorithm. It allows the algorithm you choose to distribute HTTP load on a per-request basis instead of a per-connection basis.