ASM impact on ltm

Question

I am designing an F5 LTM LB/WAF solution for a new customer and need to know what impact adding ASM functionality has on the LTM/Big IP device to make sure I'm right-sizing the proposed solution for their needs.
For reference the client's current F5 LTM 1600 is under no real stress - throughput peaked at 70Mbps but averages 40 - Peak traffic was 10,000 concurrent connections - Averages 60 new connections per second.
I had thought that the 2000S would be overly sufficient for this client but the ASM piece has me hesitant.&nbsp;
Looking for any kind of "sizing rule of thumb" for adding ASM to an LTM or whether I'm way off.
Thank you very much.&nbsp;

vijay_e · Answer

With the newer SSL cipher suites, you are better off using the 2000s platform which can handle the newer ciphers better than the older platform like 1600. As a rule of thumb, based on experience, I would recommend planning for a 20-30% hit in resource utilization for the same amount of traffic in order to add a new ASM module to the existing LTM module. However, this is quite a generic recommendation and could vary depending on traffic characteristics.

Forum Discussion

ASM impact on ltm

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Remove subnet from NAT pools without any impact

ASM logs

K14823198: ASM guided configuration not synced to peer device after upgrade impact

Does Spring4Shell impacts on F5 AWS WAF?

SPDY/HTTP2 Profile Impact on Variable Use