satish_txt_2254
Jan 03, 2018

AWS ELB vs F5 SSL TPS calculation

We are running AWS ELB in the cloud and are now planning to bring it to our datacenter, and it is going to be F5.

 

Now I need to understand ELB first, to understand how many requests we are processing and what TPS I need, so I can get a new F5 box to handle those requests.

 

AWS ELB CloudWatch has very strange metrics that are not very clear to understand, so maybe you folks can help here.

 

[Graph: ActiveConnectionCount per sec]

[Graph: Request Count per sec]


Does the above graph indicate I need to buy an F5 which can handle 20k SSL TPS or 800k TPS?

 

  • Hello,

     

    Reference: https://www.f5.com/pdf/products/big-ip-platforms-datasheet.pdf

     

    • Based on first observation, I'd say i5800

    800K SSL TPS is a definite overkill. I assume your apps are HTTP1.1 that can re-use the same TCP and SSL session for multiple L7 requests. Can you also paste "EstimatedALBNewConnectionCount"? Currently it's greyed out in your upper graph.

     

    That lower graph shows you "L7 Requests per second" that you can refer to in the hardware datasheet. The graph shows a peak of 800K but you definitely need more to cover peak activity months/hours of the year. You also need some room for growth and not spend dollars for hardware that you outgrow in 1 year. Assume 1.6M L7 requests as your requirement when making a decision.

     

    • satish_txt_2254

      Are you sure AWS RequestCount is true SSL TPS? 800k SSL TPS is very very high..!

    • Hannes_Rapp

      Where did you read that? As I already said this is "L7 Requests per second" counter not SSL TPS. Your SSL TPS can't be over 25k.

       

      If you want to be safe and reserve some room for growth, go for i5800. If tight on budget, i5600 or even i4800 might be enough. i4600 will not suffice because it can only handle 650K L7 requests per second. We do not know if all your TCP connections are encrypted for HTTPS or if some are plain HTTP. With such TCP connection counters we can only make rough guesses.

       

      My answer is i5800 is the appliance to go for. If you are unsure with my recommendation, go to AWS community forums or ask their support. Try to figure out exact numbers you can refer to in the F5 product datasheet. Once you have numbers, cherry-picking your appliance is straightforward. If you prefer not to make the decision yourself, just open a thread here or turn to your local F5 reseller.

       

      3 Numbers should suffice.

       

      During peak hours:

       

      1. SSL TPS. (Take note that hardware SSL TPS numbers are different for ephemeral keys and RSA. Perhaps something to keep in mind if your company policy is to only use ephemeral key suites)
      2. TCP Connections per second
      3. L7 Requests per second

      Regards,
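
An added example, not part of any post in this thread: deriving the three peak-hour numbers listed above from per-period CloudWatch Sum datapoints, which shows why RequestCount is not SSL TPS. The datapoints, the 60-second period and the function names are constructed assumptions; the 2x headroom and the 650K i4600 figure are taken from the replies above.

```python
# Added example. All datapoints are constructed, not real CloudWatch output.
PERIOD_S = 60     # assumed metric period; each value below is a Sum over it
HEADROOM = 2.0    # the reply above doubles the observed 800K peak to 1.6M

# (minute, Sum of RequestCount, Sum of EstimatedALBNewConnectionCount)
SAMPLES = [
    ("12:00", 30_000_000,   900_000),
    ("12:01", 48_000_000, 1_200_000),
    ("12:02", 42_000_000, 1_500_000),
    ("12:03", 36_000_000, 1_080_000),
]

def peak_per_second(sums, period_s=PERIOD_S):
    """Highest per-second rate implied by per-period Sum datapoints.
    This is an average over the period, so sub-period bursts are hidden."""
    return max(sums) / period_s

def sizing(samples, headroom=HEADROOM, period_s=PERIOD_S):
    requests = [s[1] for s in samples]
    new_conns = [s[2] for s in samples]
    l7_peak = peak_per_second(requests, period_s)
    conn_peak = peak_per_second(new_conns, period_s)
    return {
        "l7_rps_peak": l7_peak,
        "tcp_cps_peak": conn_peak,
        # Worst case assumed here: every new TCP connection performs one
        # full TLS handshake. Plain-HTTP listeners and session resumption
        # only lower the real SSL TPS figure.
        "ssl_tps_upper_bound": conn_peak,
        # Keep-alive reuse: requests carried per connection over the window.
        "requests_per_connection": sum(requests) / sum(new_conns),
        "l7_rps_target": l7_peak * headroom,
        "ssl_tps_target": conn_peak * headroom,
    }

def fits(target, datasheet_limit):
    """True when a datasheet figure covers the target, headroom included."""
    return target <= datasheet_limit

if __name__ == "__main__":
    result = sizing(SAMPLES)
    for name, value in result.items():
        print(f"{name:26s} {value:,.1f}")
    # 650K L7 requests/s is the i4600 figure quoted in the reply above.
    print("i4600 covers L7 target:", fits(result["l7_rps_target"], 650_000))
```

With real data, pull the same two metrics with the Sum statistic at the shortest period available, since longer periods average away the peaks that the hardware has to absorb.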

       

    • satish_txt_2254

      Totally agreed with your answer here. I am planning to get an F5 10200v to handle future growth too. We are only handling very small API calls, it's a very small piece of data every client makes. Our application isn't browsable, all it does is make an API call and get XML data back.

       

      Any specific suggestion for tuning?

       
