Forum Discussion

katic_13597's avatar
katic_13597
Icon for Nimbostratus rankNimbostratus
Jul 15, 2007

Performance with SSL ?

I am new to Big-IP ,i am using F5 Big-IP 1500 with 9.1.2 Firmware.   we are using SSL Between Client and F5, the architected is as Below:   CLient SSL   (HTTPS:443) HTT...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 16, 2007
Hello,

 

 

Regardless of the exact syntax you use in the rule, I wouldn't expect anywhere near the slowness you're describing when adding BIG-IP with or without rules to the connection path. I would think there is a application or network layer issue that is causing the slowness. You might try capturing simultaneous tcpdumps on each interface the connections are going over, to get a better idea of what is causing the slowness.

 

 

Port translation and SSL decryption shouldn't add any noticeable latency to the connections. In fact, if you're decrypting the SSL on the BIG-IP and passing it as HTTP to the web servers, you should normally see a decrease in latency.

 

 

Unless the traffic is passing over an insecure network between the BIG-IP and the web server, you shouldn't need to re-encrypt the traffic.

 

 

I'd suggest capturing tcpdumps on the BIG-IP between the client and VIP and BIG-IP and web servers, and look for latency. If you have a support contract you could contact support for help in troubleshooting this issue.

 

 

Aaron