Forum Discussion
NimbostratusSSL transaction TPS rate limit
Hi there,
We're doing some load testing and hitting the SSL transaction rate limit. Does anyone know what a SSL transaction actually is?
Is it related to the * number of ssl handshakes per sec? * https requests per sec * number of regenotiations per sec * a combination of all of these
Cheers
Stefan
4 Replies
What_Lies_Bene1Cirrostratus
It should all be detailed here: http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html. If there's anything missing, post back.
hoolioAs WLB noted, SOL6475 covers the enforcement logic:
The BIG-IP system utilizes a 10ms window (1/100 of a second) to calculate the current TPS. If the number of TPS requests within any 10ms window exceeds 1/100 of the licensed TPS, an error message regarding the TPS limit being reached is sent to the /var/log/ltm file.
A TPS for licensing enforcement is a new, resumed or renegotiated clientside SSL handshake.
Aaron
StephanMantheyNacreous
Performance testing without 'SSL resume' and KeepAlive will probably give a clear picture of platform capacity and should allow a realistic vendor comparison.
That´s why they should match 1:1 the observed TCP connection rate and HTTP request rate.
In real world these numbers will not be the same.
With HTTP KeepAlive an existing TCP connection will be reused to carry multiple requests and related replies. A browser establishes a couple of concurrent connections to a virtual server and tries to resume previous SSL connections (shared secret stored in both peers in cache) to save expensive key negotiations. Whenever a connection handling is internally handed over for offload after the TCP 3-way handshake it will be counted as a transaction, regardless if it is a resume, re- or new negotiation as Aaron already wrote. Applying i.e. OneConnect allows clientside KeepAlive helps to reduce the TCP connection rate and lowers the number of SSL TPS significantly.
Stefan_Magnus_LThanks guys for great answers.
