Forum Discussion
Ecesureshkumar
Nimbostratus
Aug 06, 2013
Big IP LTM - SSL queries
Hi team,
1) The Big IP LTM data sheet mentions 500 TPS as the SSL connection limit. But on our webserver we will see a minimum of 1000 connections, and we need to know whether this box will support our requirement or whether we need to add an SSL license to increase this connection limit.
2) Also we need to know how many SSL Certificates can be loaded on to the Big IP LTM box.
Immediate replies are much appreciated.
regards,
suresh.
5 Replies
- nitass
Employee
"1) The Big IP LTM data sheet mentions 500 TPS as the SSL connection limit. But on our webserver we will see a minimum of 1000 connections, and we need to know whether this box will support our requirement or whether we need to add an SSL license to increase this connection limit."
You can purchase additional SSL TPS. Maximum SSL concurrent connections depend on the hardware platform.
sol6475: Overview of SSL TPS licensing limits
http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html
"2) Also we need to know how many SSL Certificates can be loaded on to the Big IP LTM box."
I do not think there is an official document. Anyway, I do not think it is a small number. By the way, how many certificates are you going to load?
- Ecesureshkumar
Nimbostratus
Question: I do not think there is an official document. Anyway, I do not think it is a small number. By the way, how many certificates are you going to load?
I have almost 5 applications running and each application will be accessed through Web servers on the https port. Hence 5 certificates need to be loaded.
- nitass
Employee
"Hence 5 certificates need to be loaded."
5 is a very small number. ;-)
- Kevin_Stewart
Employee
A few additional points:
SSL TPS, or Transactions Per Second, is the initial (or renegotiated) SSL handshake process and key exchange. It happens once at the beginning of an SSL session and potentially again at renegotiation points. This is different than "bulk" encryption, which 1) generally uses smaller keys, and 2) has MUCH greater capacity than TPS. The TPS number is not necessarily equal to the total number of connections, unless all of those connections start at the same time.
Also, SSL certificates and keys are loaded into running memory so the practical limitation is the hardware's capacity. The smallest BIG-IP platform can handle thousands of certificate/key pairs.
- marco_octavian_
Nimbostratus
While even 1,000 TPS is not that much for an LTM, you didn't specify what platform you are using. The 1600 maxes at 1,000 TPS. It's min or max on these newer units, so go ahead and get the max. You want some buffer space there.
BTW, if you already have a unit and ARE actually hitting 1,000 TPS, then the LTM will generate log entries. They will be in the /var/log/ltm file or you can use the GUI.
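Kevin_Stewart's distinction between handshake rate (TPS) and open connections, worked through as an added example that is not part of the original thread. The traffic is constructed, the function names are hypothetical, and it assumes every new connection costs exactly one full handshake (no session reuse or renegotiation).

```python
from collections import Counter

LICENSED_TPS = 500  # figure quoted from the data sheet in the question

def peak_tps(start_times_ms):
    """Most new handshakes falling in any one-second bucket.
    Assumption: every new connection costs one full handshake
    (no session reuse, no renegotiation)."""
    buckets = Counter(t // 1000 for t in start_times_ms)
    return max(buckets.values(), default=0)

def peak_concurrent(sessions):
    """Most connections open at once; sessions are (start_ms, end_ms)."""
    events = []
    for start, end in sessions:
        events.append((start, 1))
        events.append((end, -1))
    events.sort()  # at equal times a close (-1) sorts before an open (+1)
    open_now = peak = 0
    for _, delta in events:
        open_now += delta
        peak = max(peak, open_now)
    return peak

def constructed_sessions(count, spacing_ms, lifetime_ms):
    """Constructed sample traffic: one new client every spacing_ms."""
    return [(i * spacing_ms, i * spacing_ms + lifetime_ms) for i in range(count)]

def summarize(sessions, licensed_tps=LICENSED_TPS):
    tps = peak_tps(start for start, _ in sessions)
    return {
        "peak_tps": tps,
        "peak_concurrent": peak_concurrent(sessions),
        "within_license": tps <= licensed_tps,
    }

if __name__ == "__main__":
    # Steady arrivals: 100 new clients/s, each connection held open for 15 s.
    print("steady:", summarize(constructed_sessions(6000, 10, 15_000)))
    # Burst: 1,000 clients all connecting within the same second.
    print("burst: ", summarize(constructed_sessions(1000, 1, 15_000)))
```

The steady case holds more than 1,000 connections open while staying well under 500 handshakes per second; only the burst case, where all connections start together, exceeds the limit.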