Forum Discussion
NimbostratusBIGIP appliance - cookie encryption in hardware?
For BIGIP hardware platforms running TMOS v12.1.2 is the encryption/decryption process for cookies performed in hardware?
I am specifically interested in cookie encryption enabled using the 'cookie-encryption' argument in the persistence profile.
Kevin_Davies_40Nacreous
Cookie encryption is performed in hardware, if its available.
Ed_SummersThanks, Kevin.
One follow on if I may since I see you had iRules for breakfast this morning. Same is true for AES::encrypt in iRules? Performed in CPU?
- Kevin_Davies_40
Every morning!
It is a good question and probably one that warrants a seperate question here. There is no information that explains if this is done in hardware. We know their is dedicated offload for SSL and Compression. Which of those encryptions are offloaded is answered in K13213 However does this offloading require an SSL profile? Does AES:: command tap into that offloading? Would be a good question and I suggest you post it.
- Kevin_Davies_40
Ed, I have confirmed and updated my original answer. The CRYPTO:: and AES:: commands will use hardware offload (CAVIUM) if its available. This means it is highly likely that cookie encryption will be doing the same thing since they use the same functionality.