SSL offload question regarding licence

Question

We have a cluster of BIG-IP 1600 with 2 tmms and licence for 500 ssl tps. 
According to the kb below, we should be able to manage up to 1000 ssl tps. Is that correct? Am I missing anything?&nbsp;
https://support.f5.com/csp/article/K6475&nbsp;
show sys license detail | grep -i perf_SSL_total_TPS
perf_SSL_total_TPS [500]&nbsp;
show sys tmm-info global | grep -i 'TMM count'
  TMM Count               2&nbsp;
Thanks in advance and regards,
Pablo.&nbsp;

vernonwells · Answer

Sort of.  The problem is that the 1600 is a pretty old platform, and the TLS hardware only natively supports 1k asymmetric keys.  In general, for 2k keys (which is standard today), performance is reduced by about 75%.  Having said that, if you license the system for maximum TLS support, it should be able to achieve ~1000 TPS for 2k keys.&nbsp;
Assuming your certificates use 2k keys, you might want to consider a hardware refresh (particularly since the 1600 is now past End of Software Development.&nbsp;

Forum Discussion

SSL offload question regarding licence

Recent Discussions

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

Question & Answer: Regarding CVE-2020-5902

Question regarding the F5 vulnerabilities page API

Renewing SSL certificate for SSL offload - question regarding CSR creation

Query Regarding extramb

HTTPS offload rewriting

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS