Performance with SSL ?

Question

I am new to Big-IP ,i am using F5 Big-IP 1500 with 9.1.2 Firmware.
&nbsp;we are using SSL Between Client and F5, the architected is as Below:
&nbsp;        CLient SSL
&nbsp;       (HTTPS:443)         HTTP:995
&nbsp;Client ----------&gt; F5BigIP-------------&gt;Server&nbsp;
&nbsp;with above Configurations my Product Performance End to End is like 0.77 Requests Per second , but if we directly hit the Server the Performance is around 17 requests per second , is I am doing wrong over here? Is Port translation from HTTPS :443 to HTTP:995 takes time ? if we use Client SSL and Server SSL my performance is gone ….&nbsp;
&nbsp;Please help in resolving the issue.&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Hello,&nbsp;
&nbsp;Regardless of the exact syntax you use in the rule, I wouldn't expect anywhere near the slowness you're describing when adding BIG-IP with or without rules to the connection path.  I would think there is a application or network layer issue that is causing the slowness.  You might try capturing simultaneous tcpdumps on each interface the connections are going over, to get a better idea of what is causing the slowness.&nbsp;
&nbsp;Port translation and SSL decryption shouldn't add any noticeable latency to the connections.  In fact, if you're decrypting the SSL on the BIG-IP and passing it as HTTP to the web servers, you should normally see a decrease in latency.  &nbsp;
&nbsp;Unless the traffic is passing over an insecure network between the BIG-IP and the web server, you shouldn't need to re-encrypt the traffic.&nbsp;
&nbsp;I'd suggest capturing tcpdumps on the BIG-IP between the client and VIP and BIG-IP and web servers, and look for latency.  If you have a support contract you could contact support for help in troubleshooting this issue.&nbsp;
&nbsp;Aaron

chris_schaerli_ · Answer

You might try switching your VIP over to straight HTTP and see what your performace is like.  &nbsp;
&nbsp;Also check your switch port setting.  Verify you are set to full 100 or 1000 and there are no errors on the switch port. &nbsp;&nbsp;

Forum Discussion

Performance with SSL ?

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

SSL Full Proxy - SSL Re-Encryption performance degradation

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

Enhance Performance and Increase Scalability with F5 BIG-IP on HPE GreenLake

SSL protocol mismatch

VIP-targeting-VIP solution using Standard and performance L4 VS