Best approach for managing HSL connections
Howdy,
I've a reasonably high volume site, and various lower volume ones, and am looking to start introducing HSL to a number of iRules. This is on 10.2.4 so no http access logging direct from the virtual etc, so am doing this in iRules old skool. The high volume site is moving behind a CDN, which will pool and aggregate connections from clients down into a smaller number of TCP connections, although we're not yet sure exactly how long a CDN connection is likely to last, and how many reuses etc.
What's the recommended approach on how to manage HSL::open calls? On a per CLIENT_ACCEPTED basis per iRule? Reuse the same HSL across multiple iRules? As part of the CDN implementation we have a generic iRule that sets up a few standard things, like mangling headers they set, so we could create an HSL connection at that "setup" stage and then use it going forwards through the other functional iRules?
Currently we log some low level messages through standard log commands, so connections to our central log server are still just one per LTM, but switching to HSL would potentially be opening what.... 500 connections per box? That seems a hell of a lot, but as it's on a per client basis on a huge CDN, which therefore will still open a lot of connections, it seems potentially very wasteful if we're not utilizing these connections a lot. Would anyone suggest looking at somehow pooling or aggregating these HSL connections to less than one per CLIENT_ACCEPTED? I can imagine maybe modulusing (sp?!) the source port number to pick one of a defined maximum number of connections to log to, opening it if it doesn't already exist?
Thanks!