Forum Discussion

Stefan_Magnus_L
Oct 01, 2013

SSL transaction TPS rate limit

Hi there,

 

We're doing some load testing and hitting the SSL transaction rate limit. Does anyone know what an SSL transaction actually is?

 

Is it related to the

* number of ssl handshakes per sec?
* https requests per sec
* number of renegotiations per sec
* a combination of all of these

 

Cheers

 

Stefan

 

4 Replies

  • As WLB noted, SOL6475 covers the enforcement logic:

     

    The BIG-IP system utilizes a 10ms window (1/100 of a second) to calculate the current TPS. If the number of TPS requests within any 10ms window exceeds 1/100 of the licensed TPS, an error message regarding the TPS limit being reached is sent to the /var/log/ltm file.

     

    A TPS for licensing enforcement is a new, resumed or renegotiated clientside SSL handshake.

     

    Aaron

     

  • Performance testing without 'SSL resume' and KeepAlive will probably give a clear picture of platform capacity and should allow a realistic vendor comparison.

     

    That's why they should match 1:1 the observed TCP connection rate and HTTP request rate.

     

    In the real world these numbers will not be the same.

     

    With HTTP KeepAlive an existing TCP connection will be reused to carry multiple requests and related replies. A browser establishes a couple of concurrent connections to a virtual server and tries to resume previous SSL connections (shared secret stored in both peers in cache) to save expensive key negotiations. Whenever connection handling is internally handed over for offload after the TCP 3-way handshake, it will be counted as a transaction, regardless of whether it is a resume, a renegotiation or a new negotiation, as Aaron already wrote. Applying i.e. OneConnect allows clientside KeepAlive, which helps to reduce the TCP connection rate and lowers the number of SSL TPS significantly.
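
The 10 ms enforcement window quoted from SOL6475 in Aaron's reply explains why a load test can trigger the TPS-limit message while its per-second average stays under the license. The Python sketch below is an added example, not code from the thread or from F5; it assumes fixed, aligned 10 ms buckets (the page does not say whether the windows are fixed or sliding), and the function names and arrival times are constructed for illustration.

```python
"""Added illustration of the 10 ms TPS enforcement window quoted from SOL6475.
Assumption: windows are fixed, aligned 10 ms buckets."""
from collections import Counter

WINDOW_MS = 10  # from the quoted text: 1/100 of a second


def per_window_limit(licensed_tps):
    """Handshakes allowed per 10 ms window: 1/100 of the licensed TPS."""
    return licensed_tps / 100


def windows_over_limit(handshake_times_ms, licensed_tps):
    """Return {window_start_ms: count} for every window that exceeds the limit.

    handshake_times_ms: arrival times (ms) of clientside SSL handshakes;
    new, resumed and renegotiated handshakes each count as one TPS.
    """
    limit = per_window_limit(licensed_tps)
    counts = Counter((int(t) // WINDOW_MS) * WINDOW_MS for t in handshake_times_ms)
    return {start: n for start, n in sorted(counts.items()) if n > limit}


def average_tps(handshake_times_ms, duration_s):
    """Plain per-second average, which is what most load tools report."""
    return len(handshake_times_ms) / duration_s


# Constructed sample data: a 500 TPS license allows 5 handshakes per window.
LICENSED_TPS = 500

# Evenly paced: 400 handshakes in one second, one every 2.5 ms.
paced = [i * 2.5 for i in range(400)]

# Bursty generator: the same 400 handshakes, fired as 10 bursts of 40,
# each burst packed into the first 4 ms of a 100 ms interval.
bursty = [b * 100 + i * 0.1 for b in range(10) for i in range(40)]

if __name__ == "__main__":
    for name, sample in (("paced", paced), ("bursty", bursty)):
        over = windows_over_limit(sample, LICENSED_TPS)
        print(f"{name}: avg {average_tps(sample, 1.0):.0f} TPS, "
              f"{len(over)} window(s) over the per-window limit of "
              f"{per_window_limit(LICENSED_TPS):.0f}")
```

Both samples average 400 TPS against a 500 TPS license, but only the bursty one has windows over the limit, so pacing the load generator matters as much as the headline rate.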