SSL offload question regarding licence

Question

We have a cluster of BIG-IP 1600 with 2 tmms and licence for 500 ssl tps. 
According to the kb below, we should be able to manage up to 1000 ssl tps. Is that correct? Am I missing anything?&nbsp;
https://support.f5.com/csp/article/K6475&nbsp;
show sys license detail | grep -i perf_SSL_total_TPS
perf_SSL_total_TPS [500]&nbsp;
show sys tmm-info global | grep -i 'TMM count'
  TMM Count               2&nbsp;
Thanks in advance and regards,
Pablo.&nbsp;

vernonwells · Answer

Sort of.  The problem is that the 1600 is a pretty old platform, and the TLS hardware only natively supports 1k asymmetric keys.  In general, for 2k keys (which is standard today), performance is reduced by about 75%.  Having said that, if you license the system for maximum TLS support, it should be able to achieve ~1000 TPS for 2k keys.&nbsp;
Assuming your certificates use 2k keys, you might want to consider a hardware refresh (particularly since the 1600 is now past End of Software Development.&nbsp;

Forum Discussion

SSL offload question regarding licence

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Question & Answer: Regarding CVE-2020-5902

Query Regarding extramb

Health monitor question

F5 Connection Mirroring question

Renewing SSL certificate for SSL offload - question regarding CSR creation