Going through the datasheet documents for SSL orchestrator and Platform I see different throughput values for SSL orchestrator Throughput vs Platform L7-L7 traffic processing throughput.
What is the difference between these throughput? Using SSL Orchestrator does the Platform throughput decrease and limited to what SSL orchestrator Maximum Throughput is ?
The platform data sheet is giving you raw throughput for the device. And for SSL (TLS handshake and encryption) these numbers reflect a single decrypt operation.
SSL Orchestrator throughput differs then in the following ways:
SSL is almost always decrypt AND re-encrypt, so would theoretically be half of the platform SSL numbers.
SSL forward proxy requires the BIG-IP to forge the server certificate to the client, which is a heavier function. That's why forward proxy and reverse numbers in the SSL Orchestrator data sheet are different.
SSL Orchestrator uses CPU (compute) to drive traffic through the service chain, and is thus affected by the number of security devices in the chain. This is why the SSL Orchestrator data sheet provides different throughput numbers for 1, 2, and 3 devices.
The platform data sheet is giving you raw throughput for the device. And for SSL (TLS handshake and encryption) these numbers reflect a single decrypt operation.
SSL Orchestrator throughput differs then in the following ways:
SSL is almost always decrypt AND re-encrypt, so would theoretically be half of the platform SSL numbers.
SSL forward proxy requires the BIG-IP to forge the server certificate to the client, which is a heavier function. That's why forward proxy and reverse numbers in the SSL Orchestrator data sheet are different.
SSL Orchestrator uses CPU (compute) to drive traffic through the service chain, and is thus affected by the number of security devices in the chain. This is why the SSL Orchestrator data sheet provides different throughput numbers for 1, 2, and 3 devices.
Reading article Update or upgrade the F5 SSL Orchestrator | BIG-IP update and upgrade guide, sounds like SSL Orchestrator contains significant stability improvements in 16.1.x - 9.x. Since, we haven't provisioned SSL Orchestrator in v15.x devices, would it be wise to upgrade device to 16.1.x and provision/configure SSLO. I think this will help in us doing the workaround mentioned in the article.
@DevBabu - If your post was solved it would be helpful to the community if you selected *Accept As Solution* on the relevant reply (or replies). This helps future readers & searchers find answers more quickly and confirms the efforts of those who helped. (Thanks @Kevin_Stewart)
