Forum Discussion

draco_184361's avatar
draco_184361
Icon for Nimbostratus rankNimbostratus
Nov 15, 2017

3 sec delay in transaction when going via F5

Hi All

 

Really appreciate this forum .

 

This time the issue is , we have migrated applications from Cisco ACE to F5 . While going via F5, the transaction for traffic takes 4 sec which is bad wrt to this application. But when it used to go via cisco ACE , it takes less than 1 sec. On F5, we are doing ssl offload, when we did a packet capture, the client hello is coming to F5 after 3 sec after the TCP handshake. The virtual server is standard type and tcp profile is with default settings. I am going to create a VS with out ssl offloading and on HTTP port and see if there is delay . Also in the packet capture from the client side, in the 3 sec before the client sends CLIENT HELLO, i see netbios stat query to F5 VIP , the client is accessing the F5 VIP , it is a soap request it is trying to send, Am not sure why it is doing a netbios stat query(Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>) to the F5 VIP,but it issues 3 times each takes 1 sec , and then when it fails after 3 times,it starts client hello .am not sure how this is related to the delay . We are taking a pcap from client side to check if netbios query is sent while client sends request to the cisco ACE VIP.if anybody has any idea of what is happening here , please do let me know?

 

2 Replies

  • It looks like a client issue - the client is querying Netbios to determine the netbios name prior to issuing the client hello. You may need to create another virtual to forward the Netbios request to the pool member server so that the client receives a netbios response and the SSL negotiation can start.

     

    Check your ACE to see it it was able to pass the Netbios request through to the pool member.

     

    Or find out why the client is issuing the Netbios request, and maybe disable that feature.

     

  • draco's avatar
    draco
    Icon for Nimbostratus rankNimbostratus

    It happens with other client as well..happening irrespective of the client and when i issue request directly from the same to the real server on the customized port...i see no netbios in the pcap.is it like to initiate the client hello, it has to get the netbios name ?

     

    will check pcap viia ace as well .still waiting as the customer isn't available..thanks a lot for your response. Will try creating forwarder as well for the netbios request.