SSL TPS limist

Hi Joe,

 

 

This article should give you some options for starting:

 

 

SNMP: Capturing SSL Statistics per Virtual Server

 

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=127

 

 

Aaron

Ah... Also be aware that the SSL TPS calculations may not be performed as you expect. A 100TPS license won't necessarily give you 100 transactions over a 1 second period, especially if the load is peaky... Counts of transactions are groups over a 10ms period. If you exceed 1/100 of the limit in a 10ms period, you'll hit the limit and the next connection will be blocked.

 

 

There's an overview in

 

 

https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html

 

 

The net effect is that if you've had too many TPS's in the 10ms window, the SYN packet will be dropped... The connection will then stall until the SYN is retried. Hopefully succeeding (leading to slow performance).

 

 

A good measure of when to get nervous is around half (1/2) the licensed limit (If you see 50TPS over a 60 second window I'd get nervous with a 100TPS license).

 

 

H

 

 

Oh... Also ensure that your clients do HTTP keepalives... because in 9.x+ you get counted per connection... If your servers don't doit, then oneconnect with a 32-bit netmask is your friend here.

 

 

H