Hi, I've a new VIP on a VIPRION A109 running 22.214.171.124. I'm aware that on this platform ECDHE ciphers can't be accelerated so have changed from them to AES128-GCM-SHA526:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA but still 90% of my traffic on both client and server sides are having TLS handled in software, 10% in partial. absolutely none in hardware.
Are there any obvious gotchas around this, as everything I can see should say this should have a huge performance benefit, which isn't happening.
EDIT - I've since found that it's AES-GCM ciphers that it's still not liking. Using the CBC other ones explicilty, i do see full hardware acceleration. But the documentation states AES-GCM should work fine?
Hello can you share where it is mentioned that AES-GCM should do full SSL offload for your platform, version and vCMP?
As I see that this has been recently added Hardware acceleration for AES-GCM is now available for vCMP guests on the B2100, B2150, B4200, or B4... and SSL hardware acceleration is always showing partial (f5.com) I think that probably it is normal to be partual and full and also the vCMP host not only vCMP quest should be using the newer version.
Also maybe check SSL hardware mode for the vCMP quest as maybe if you switch to dedicated or add more CPU cores it may help.