Forum Discussion
SSL cipher: improve performance
In my company,there are tons of ssl traffic(both client and server side in LTM).
In order to tunning this,which SSL cipher I should choose to improve performance and reduce latency spent in network delivery
I am also considering enable oneconnect for server side SSL since it can reduce SSL handshake between LTM and backend servers,in which it can improve performance
Correct me if I am wrong
In regards to F5 config, the most significant performance improvement would come from well-optimized caching profiles, this goes for SSL and nonSSL traffic. In my opinion, forcing the use of a specific "performance-friendly" cipher is a pseudo-improvement, it would improve performance very little to nothing, furthermore, it could cut off some users who have a device which does not support your cipher.
To conclude:
1) Take a look at your caching profiles
2) Ask the front-end team to reduce the amount of GET requests a browser has to make per page load
Good luck :)
Note: The oneconnect would indeed reduce the SSL handshakes for LTM to backend server communications. One thing to keep in mind that with this option enabled, you might also want to configure X-Forwarded-For HTTP header, so that the original source IP address of request-maker can be seen in the back-end server logs.
- Hannes_Rapp_162Nacreous
In regards to F5 config, the most significant performance improvement would come from well-optimized caching profiles, this goes for SSL and nonSSL traffic. In my opinion, forcing the use of a specific "performance-friendly" cipher is a pseudo-improvement, it would improve performance very little to nothing, furthermore, it could cut off some users who have a device which does not support your cipher.
To conclude:
1) Take a look at your caching profiles
2) Ask the front-end team to reduce the amount of GET requests a browser has to make per page load
Good luck :)
Note: The oneconnect would indeed reduce the SSL handshakes for LTM to backend server communications. One thing to keep in mind that with this option enabled, you might also want to configure X-Forwarded-For HTTP header, so that the original source IP address of request-maker can be seen in the back-end server logs.
- Robert_47833AltostratusWhat is best way to set up cache profile? There is CDN Akamai to provide cache in front end ,I am thinking about improve backend F5's performance which serve dynamic content mostly
- Hannes_RappNimbostratus
In regards to F5 config, the most significant performance improvement would come from well-optimized caching profiles, this goes for SSL and nonSSL traffic. In my opinion, forcing the use of a specific "performance-friendly" cipher is a pseudo-improvement, it would improve performance very little to nothing, furthermore, it could cut off some users who have a device which does not support your cipher.
To conclude:
1) Take a look at your caching profiles
2) Ask the front-end team to reduce the amount of GET requests a browser has to make per page load
Good luck :)
Note: The oneconnect would indeed reduce the SSL handshakes for LTM to backend server communications. One thing to keep in mind that with this option enabled, you might also want to configure X-Forwarded-For HTTP header, so that the original source IP address of request-maker can be seen in the back-end server logs.
- Robert_47833AltostratusWhat is best way to set up cache profile? There is CDN Akamai to provide cache in front end ,I am thinking about improve backend F5's performance which serve dynamic content mostly
- Samir_Jha_52506Noctilucent
Why only on server side SSL encryption VIP? First you need to make the list of applications, which is highly utilized. Then decide on which VIP, you can configure Oneconnect profile.
Guys, Please correct me if I am wrong.
- Robert_47833AltostratusI consider server side SSL as a start to begin this ,ha
- Robert_47833Altostratus
What is best way to set up cache profile? There is CDN Akamai to provide cache in front end ,I am thinking about improve backend F5's performance which serve dynamic content mostly
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com