Forum Discussion

Ecesureshkumar
Aug 06, 2013

BIG-IP LTM - SSL queries

Hi team,

1) The BIG-IP LTM data sheet mentions 500 TPS as the SSL connection limit. But on our web server we will see a minimum of 1000 connections, and we need to know whether this box will support our requirement or whether we need to add an SSL license to increase this connection limit.

2) We also need to know how many SSL certificates can be loaded onto the BIG-IP LTM box.

Immediate replies are much appreciated.

Regards,

suresh.


5 Replies

  • Question: 1) The BIG-IP LTM data sheet mentions 500 TPS as the SSL connection limit. But on our web server we will see a minimum of 1000 connections, and we need to know whether this box will support our requirement or whether we need to add an SSL license to increase this connection limit.

    You can purchase additional SSL TPS. Maximum SSL concurrent connections depend on the hardware platform.

    sol6475: Overview of SSL TPS licensing limits

    http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html

    Question: 2) We also need to know how many SSL certificates can be loaded onto the BIG-IP LTM box.

    I do not think there is an official document. Anyway, I do not think it is a small number. By the way, how many certificates are you going to load?
  • Question: I do not think there is an official document. Anyway, I do not think it is a small number. By the way, how many certificates are you going to load?

    I have almost 5 applications running and each application will be accessed through web servers on the HTTPS port. Hence 5 certificates need to be loaded.

  • Question: Hence 5 certificates need to be loaded.

    5 is a very small number. ;-)
  • A few additional points:

    SSL TPS, or Transactions Per Second, is the initial (or renegotiated) SSL handshake process and key exchange. It happens once at the beginning of an SSL session and potentially again at renegotiation points. This is different than "bulk" encryption, which 1) generally uses smaller keys, and 2) has MUCH greater capacity than TPS. The TPS number is not necessarily equal to the total number of connections, unless all of those connections start at the same time.

    Also, SSL certificates and keys are loaded into running memory so the practical limitation is the hardware's capacity. The smallest BIG-IP platform can handle thousands of certificate/key pairs.


  • While even 1,000 TPS is not that much for an LTM, you didn't specify what platform you are using. The 1600 maxes at 1,000 TPS. It's min or max on these newer units, so go ahead and get the max. You want some buffer space there.

    BTW, if you already have a unit and ARE actually hitting 1,000 TPS, then the LTM will generate log entries. They will be in the /var/log/ltm file, or you can use the GUI.
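
The distinction drawn in the replies above between SSL TPS (handshakes per second) and the total number of connections can be checked against a traffic profile before sizing a license. The following is an added example, not part of the original thread and not F5 code: the connection record layout, the millisecond timestamps and all three traffic samples are constructed assumptions, and it does not model how BIG-IP itself counts transactions against a license.

```python
from bisect import bisect_left

# Each connection: (start_ms, duration_ms, renegotiation_offsets_ms).
# This record layout and all traffic below are constructed for illustration.

def handshake_times(connections):
    """One handshake at connection start, plus one per renegotiation."""
    times = []
    for start, duration, renegs in connections:
        times.append(start)
        times.extend(start + off for off in renegs if 0 < off < duration)
    return sorted(times)

def peak_tps(connections, window_ms=1000):
    """Most handshakes that fall inside any window [t, t + window_ms)."""
    times = handshake_times(connections)
    return max(
        (bisect_left(times, t + window_ms) - i for i, t in enumerate(times)),
        default=0,
    )

def peak_concurrent(connections):
    """Most connections open at the same instant."""
    events = []
    for start, duration, _ in connections:
        events.append((start, 1))
        events.append((start + duration, -1))
    events.sort()  # at equal timestamps, closes (-1) sort before opens (+1)
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

def profile(connections):
    return {"peak_tps": peak_tps(connections),
            "peak_concurrent": peak_concurrent(connections)}

# 1000 one-minute connections arriving evenly over 10 seconds (one per 10 ms).
RAMPED = [(i * 10, 60_000, ()) for i in range(1000)]
# The same 1000 connections all arriving in the same instant.
BURST = [(0, 60_000, ()) for _ in range(1000)]
# Two long-lived connections, one of which renegotiates twice.
RENEGOTIATING = [(0, 5_000, (1_000, 1_500)), (200, 5_000, ())]

if __name__ == "__main__":
    for name, conns in [("ramped", RAMPED), ("burst", BURST),
                        ("renegotiating", RENEGOTIATING)]:
        print(name, profile(conns))
```

Both the ramped and burst samples hold 1000 connections open at once, but only the burst needs 1000 handshakes in a single second; the ramped sample peaks at 100.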