ecce_297791
Feb 16, 2018Altocumulus
HTTP is fast, HTTPS really slow and causes massive FCS failure
I have two BIGIP VE's on my laptop I use for lab and education. On both of them (not HA) HTTPS to a VS works, but is painfully slow. A simple web page with a few pictures in it takes 20-30 seconds to load. Unencrypted HTTP is lightning fast.
Here is the VS config:
ltm virtual /Common/f5trn.cmos.lab-p443-vs {
destination /Common/10.1.10.20:443
ip-protocol tcp
mask 255.255.255.255
pool /Common/f5trn.cmos.lab-pool
profiles {
/Common/f5trn.cmos.lab {
context clientside
}
/Common/http { }
/Common/http2 { }
/Common/tcp { }
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
ltm pool /Common/f5trn.cmos.lab-pool {
members {
/Common/10.1.20.11:80 {
address 10.1.20.11
}
/Common/10.1.20.12:80 {
address 10.1.20.12
}
/Common/10.1.20.13:80 {
address 10.1.20.13
}
}
monitor /Common/http
}
A packet capture shows a MASSIVE FCS failure. Every single frame. Same on both sides of the BIGIP.
Troubleshooting includes:
- Disabling SSL (removing clientSSL profile). Not slow.
- Disabling HTTP/2 profile, using HTTP/1.1 (with SSL) instead. Still slow.
- Using normal clientssl profile. Still slow.
- Trying another BIGIP VE on the same laptop (standalone). Still slow.
- Upgrading virtual hardware from v7 to v12. Still slow.
- Upgrading memory on BIGIP VE 6 > 8 GB RAM. Still slow.
- CPU load is around 9%
- Memory usage is >80% high according to the flash-based dashboard. 6 or 8 GB RAM makes no difference. However TMM uses 5.5% of 3.9 GB.
- The Configuration Utility uses HTTPS and is very responsive.
Other info:
- LTM, APM and AVR are provisioned
- The FQDN is resolved via /etc/hosts file
- BIGIP version is 13.1
- My laptop is a MacBook Pro with core i7 with 16GB RAM and not slow or heavily loaded with anything else.
Any ideas to why SSL seems to cause this behaviour?