For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stefan_Magnus_L's avatar
Stefan_Magnus_L
Icon for Nimbostratus rankNimbostratus
Oct 01, 2013

SSL transaction TPS rate limit

Hi there,   We're doing some load testing and hitting the SSL transaction rate limit. Does anyone know what a SSL transaction actually is?   Is it related to the * number of ssl handshakes per...
application delivery
deployment
performance
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Oct 01, 2013

Performance testing without 'SSL resume' and KeepAlive will probably give a clear picture of platform capacity and should allow a realistic vendor comparison.

 

That´s why they should match 1:1 the observed TCP connection rate and HTTP request rate.

 

In real world these numbers will not be the same.

 

With HTTP KeepAlive an existing TCP connection will be reused to carry multiple requests and related replies. A browser establishes a couple of concurrent connections to a virtual server and tries to resume previous SSL connections (shared secret stored in both peers in cache) to save expensive key negotiations. Whenever a connection handling is internally handed over for offload after the TCP 3-way handshake it will be counted as a transaction, regardless if it is a resume, re- or new negotiation as Aaron already wrote. Applying i.e. OneConnect allows clientside KeepAlive helps to reduce the TCP connection rate and lowers the number of SSL TPS significantly.