Forum Discussion
MW1
Cirrus
CirrusWeb portal very slow (on larger pages) when using SSL
Hi all,
I have a ASP.NET site which is accessed on HTTPS, on certain pages which load a reasonable amount of javascript is taking up to 10 seconds (user says 20...users).. The F5 is load balancing two windows 2008 servers running IIS on port 80. I first thought it may have been the stream profile I've had to put in to do a rewrite on the HTTP links however. I created a test VS on the F5 and removed the stream/rewrite which had no effect (there are no other irules in place, using the standard HTTP profiles, src IP tracking persistence) , however removing the SSL and switching to straight HTTP immediately resolves the issue and the page takes a second or less to load.
The only thing I have altered really alter from the standard is my cipher list is:
-ALL: !ADH: !LOW: !EXP: !SSLv2:!NULL:HIGH:MEDIUM:RSA:RC4:
I'm a little lost why the SSL would cause such a performance hit to the loading, when my stats do not show the bigip box is under heavy load - has anyone else run in to a similar situation?
thanks in advance
1 Reply
hoolioCirrostratus
Hi MW,
I'd start troubleshooting this with a browser plugin or proxy on the client. You can use HttpFox for Firefox or Fiddler2 for any browser to trace the HTTP requests and responses. Once you have an idea of when the latency is occurring, you can try testing against a test VS with the same configuration. If you need to decrypt the SSL, you can use tcpdump to capture a trace and then use ssldump to decrypt it. There are solutions on AskF5 and a lot of online resources for using tcpdump and ssldump.
sol411: Overview of packet tracing with the tcpdump utility
http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html
sol10209: Overview of packet tracing with the ssldump utility
http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Fiddler2 FAQ videos
http://www.fiddler2.com/fiddler/help/video/
Aaron
