We recently moved a Domino server from the DMZ to inside our network. Access to the server now is through a Big-IP F5 LTM device. While the performance of http access is reasonable, https access is not. The https connection from browser to F5 is SSL using one certificate. The connection from F5 to Domino is SSL using another certificate. Https access through the F5 is consistently slower than https directly to the server by 4 to 20+ seconds.
I know there are many variables in the new routing. Does anyone know if there are Domino specific settings for the F5? Are there F5 (reverse proxy) settings needed in Domino 8.5.3?
The server option for http persistent connections was, and still is, Disabled. I had no idea that the F5 was attempting to keep the connection open, so I did not try enabling persistent connections. The connection between the F5 and server is 1 gb, so hopefully, the cost of making the connection is not too much. As it is now, the response time on https requests is quite acceptable.
The F5 network administrator removed the F5 OneConnect profile from the Domino server definition and response time on https requests was significantly improved. The OneConnect profile attempts to use HTTP keep-alives and connection reuse to improve performance. I do not know why it didn’t work in this case.
Interesting,
Curious if you would find better luck with that F5 profile if you toggled the http persistent connections configuration in the Domino server document