For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

boo_radley_1114's avatar
boo_radley_1114
Icon for Nimbostratus rankNimbostratus
Apr 26, 2013

SSL TPS License limits and log message -- will I always see one?

Hi folks -- I understand the SSL graph can be inaccurate (Overview -> Performance -> SSL trans/sec) because it polls on average of every 10 seconds, and the way the license is implemented, SSL tps are monitored over a 10ms window....

 

But my questions is this -- how are the log messages generated? Is a message written to the log each time a SYN is silently dropped because we've hit the limit (1/100th of our license over this 10ms window?). Or sometimes could connections be dropped, forcing the client to retransmit, and NO log message will appear in the LTM log? I'm asking because values seen through 'snmpget' indicate we are running at an SSL TPS load level that is higher than our license, yet not consistenly seeing error messages in the logs.

 

Thx!

 

 

Steve

 

 

management
monitoring

2 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Apr 29, 2013
    It's my understanding that a log message is only generated when the limit is reached, not when a SYN is dropped. I'd suggest you look into the SNMP metric and how it is measured. Keep in mind that the licensed limit only applies to client side connections, not any related server side SSL processing.