Forum Discussion

DevBabu's avatar
DevBabu
Icon for Cirrus rankCirrus
Aug 09, 2022
Solved

BIG-IP SSL orchestrator Throughput vs platform Throughput

Going through the datasheet documents for SSL orchestrator and Platform I see different throughput values for SSL orchestrator Throughput vs Platform L7-L7 traffic processing throughput. What is the...
  • Kevin_Stewart's avatar
    Aug 22, 2022

    The platform data sheet is giving you raw throughput for the device. And for SSL (TLS handshake and encryption) these numbers reflect a single decrypt operation. 

    SSL Orchestrator throughput differs then in the following ways:

    • SSL is almost always decrypt AND re-encrypt, so would theoretically be half of the platform SSL numbers.
    • SSL forward proxy requires the BIG-IP to forge the server certificate to the client, which is a heavier function. That's why forward proxy and reverse numbers in the SSL Orchestrator data sheet are different.
    • SSL Orchestrator uses CPU (compute) to drive traffic through the service chain, and is thus affected by the number of security devices in the chain. This is why the SSL Orchestrator data sheet provides different throughput numbers for 1, 2, and 3 devices.

     

  • Kevin_Stewart's avatar
    Aug 25, 2022

    It is definitely worthwhile to start with SSLO 9.x (9.3 on BIG-IP 16.1.3 is the latest 9.x release as of Aug 2022).