Expected SSL throughput rates for a single transaction
Hello,
We have built an 'application' that terminates client ssl, then via irules extracts certain certificate fields of user information, determines the correct pool of servers to send them to and does so, encrypting on the backend as well. Both front and back use 2048-bit certs. We are doing this on C2400 Viprion with two 2100 blades. The guest in question has 2 cores per slot and is active on both slots.
Removing all irules and doing just a client and server ssl profile, we can only achieve a max of 47Mb/s (6MB/s) of throughput on a good day. We have a 40G uplink trunk that isn't congested at all, so this appears to be strictly limited to the SSL engine performance.
I know the glossy states 9.0Gb/s aggregate performance per blade, but engineering will not give me expected rates for a single SSL flow through the box. I've had to report to my customers that the most I can guarantee them is 8MB/s per flow and no one is happy.
I know performance/L4 virtual server types perform better, but you cannot assign ssl profiles to them or irules with http events - which makes that type unusable for SSL offload.
Has anyone tested the throughput of a single SSL offload flow? What rates have you been able to achieve? This is a low TPS function, with a high bulk transfer (15-70G files). Think medical imagery..
Thanks, Chad