Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

TLS not being offloaded on VIPRION

Chris_Phillips
Nimbostratus
Nimbostratus

‎12-Jul-2022 01:20 - edited ‎12-Jul-2022 04:52

Hi, I've a new VIP on a VIPRION A109 running 13.1.1.5. I'm aware that on this platform ECDHE ciphers can't be accelerated so have changed from them to AES128-GCM-SHA526:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA but still 90% of my traffic on both client and server sides are having TLS handled in software, 10% in partial. absolutely none in hardware.

Are there any obvious gotchas around this, as everything I can see should say this should have a huge performance benefit, which isn't happening.

EDIT - I've since found that it's AES-GCM ciphers that it's still not liking. Using the CBC other ones explicilty, i do see full hardware acceleration. But the documentation states AES-GCM should work fine?

Labels:
0 Kudos
4 REPLIES 4

Nikoolayy1
MVP
MVP

‎12-Jul-2022 08:12 - edited ‎12-Jul-2022 08:35

Hello can you share where it is mentioned that AES-GCM should do full SSL offload for your platform, version and vCMP?

 

As I see that this has been recently added Hardware acceleration for AES-GCM is now available for vCMP guests on the B2100, B2150, B4200, or B4... and SSL hardware acceleration is always showing partial (f5.com) I think that probably it is normal to be partual and full and also the vCMP host not only vCMP quest should be using the newer version.

 

 

Also maybe check  SSL hardware mode for the vCMP quest as maybe if you switch to dedicated or add more CPU cores it may help.

 

0 Kudos

Chris_Phillips
Nimbostratus
Nimbostratus

‎13-Jul-2022 00:44

I based it on this https://support.f5.com/csp/article/K13213 although compared to the v10 article linked in it, the word "full" is absent. Also though I noticed that the c2400 host is still running 11.4.1, so I would guests explains why I'm not seeing acceleration on the 13.1.1.5 guest?

0 Kudos

Nikoolayy1
MVP
MVP
In response to Chris_Phillips

‎13-Jul-2022 01:09

Better upgrade the host and then see the results as 11.4.1 is an old version, so an upgrade will good in any case.

0 Kudos

Chris_Phillips
Nimbostratus
Nimbostratus

‎13-Jul-2022 01:15

Oh absolutely, very much out of my hands in that area though!

0 Kudos
Copyright © 2023 Khoros, LLC