Forum Discussion

Brian_Saunders1's avatar
Brian_Saunders1
Icon for Altostratus rankAltostratus
Aug 13, 2014

SSL TPS Limits

Hello All,

 

We've been performing load testing for an application that is going to be deployed in the near future and during that load testing I noticed that our 8950 LTM going over the base license 500 tps for SSL, typically it would drop back down below the threshold pretty quickly never remaining above 500 for more than a second or so. After reviewing SOL6475: Overview of SSL TPS licensing limits it sounds like it might be best to upgrade the SSL license so that SSL connections aren't dropped? Just wanted to get other members experience with this.

 

 

Thanks,

 

Brian

 

application delivery
design
LTM
ssl offloading
ssl tps limits

5 Replies

Sort By
  • Jazz007_235152's avatar
    Jazz007_235152
    Icon for Nimbostratus rankNimbostratus
    Aug 10, 2017

    We currently have Bluecoat performing SSL and Reverse proxy. Is there any way to find out how much SSL TPS I am getting ?

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 14, 2014

    Yes.

     

    The LTM logs (In /var/log/ltm) when it's dropping SSL connections due to license exceeded.

     

    I'm not aware of any iRule event that would let you trap that though...

     

    H

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 14, 2014

    Is there a way to determine if a connection was dropped due to the SSL TPS being exceeded?

     

    i am not aware of. there is counter in tmctl to show how many connections are dropped.

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 13, 2014
    it sounds like it might be best to upgrade the SSL license so that SSL connections aren't dropped?

    Agreed 🙂

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 13, 2014

    In my experience, when your SSL TPS averaged over 60 seconds, goes over 0.5 of the license, it's time to upgrade it...

     

    SSL TPS is calculated on a 10ms time slice. Every 10ms you can perform 1/100th of the licensed value. Go over that value (e..g for a 500TPS license that limit is 5) in that 10ms interval, and you'll get dropped connections.

     

    H