Performance with SSL ?

Cirrostratus

Jul 16, 2007

Hello,

Regardless of the exact syntax you use in the rule, I wouldn't expect anywhere near the slowness you're describing when adding BIG-IP with or without rules to the connection path. I would think there is a application or network layer issue that is causing the slowness. You might try capturing simultaneous tcpdumps on each interface the connections are going over, to get a better idea of what is causing the slowness.

Port translation and SSL decryption shouldn't add any noticeable latency to the connections. In fact, if you're decrypting the SSL on the BIG-IP and passing it as HTTP to the web servers, you should normally see a decrease in latency.

Unless the traffic is passing over an insecure network between the BIG-IP and the web server, you shouldn't need to re-encrypt the traffic.

I'd suggest capturing tcpdumps on the BIG-IP between the client and VIP and BIG-IP and web servers, and look for latency. If you have a support contract you could contact support for help in troubleshooting this issue.

Aaron

Forum Discussion

Performance with SSL ?

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

Related Content

SSL Full Proxy - SSL Re-Encryption performance degradation

Performance Logging iRule (Rule_http_log)

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

Enhance Performance and Increase Scalability with F5 BIG-IP on HPE GreenLake

SSL protocol mismatch