The meaning of ssl tps is intricate, and confused me for a long time.
TPS means the transactions per second, but what ‘s the true meaning of transaction in ssl. As we all know, there are two leading products F5 BIG-IP and netscaler. And how to explain ssl tps about this two manufacturers.
How to explain SSL TPS in BIG-IP?
F5, the maximum tps is licensed to purchase. Usually, it has a small tps by default, and you can check out the maximum number of clientside ssl tps by this command:grep "perf_SSL_total_TPS :" /config/bigip.license.
When calculating the number of SSL sessions, the BIG-IP system counts all new clientside SSL sessions and all clientside SSL sessions that are resumed. The BIG-IP system measures SSL TPS based on clientside connection attempts to any virtual server configured with a clientssl profile. SSL TPS is enforced across a sliding time window. The BIG-IP system utilizes a 10ms window (1/100 of a second) to calculate the current TPS. If the number of TPS requests within any 10ms window exceeds 1/100 of the licensed TPS, an error message regarding the TPS limit being reached is sent to the /var/log/ltm file.
In BIG-IP versions 9.0 and later, the system checks if TPS is available at the time a SYN request is received for a virtual server with a clientssl profile. If the system has reached its maximum licensed TPS level at the time the SYN request is received, the SYN request is silently dropped and not passed to the SSL accelerator for processing. However, in most cases, the client will re-transmit the SYN request, typically a few seconds later. Therefore, traffic which slightly exceeds the system's licensed TPS may result in noticeable user connection latency rather than complete failure. Traffic levels which greatly exceed the system's licensed TPS may result in failures to establish some connections.
从如上描述可以如此理解SSL TPS:TPS即CPS,即每秒新建ssl的connection数量,包含SID复用的connection。
So a transaction just means a established ssl connection.
1、当客户端和服务器新建一个全新连接的时候,计算一个TPS。
2、当客户端重新发起连接建立请求并reuse SSL Session ID的时候,计算一个TPS。
3、TPS值和在一个连接中执行了多少次HTTP request/response没有关系。
4、如果应用当前是部署在HTTP协议上,需要添加HTTPS处理的时候,可以估算需要的TPS数量等于VS或者应用服务器上的每秒新建连接数。
So a transaction just means a established ssl connection.
1、当客户端和服务器新建一个全新连接的时候,计算一个TPS。
2、当客户端重新发起连接建立请求并reuse SSL Session ID的时候,计算一个TPS。
3、TPS值和在一个连接中执行了多少次HTTP request/response没有关系。
4、如果应用当前是部署在HTTP协议上,需要添加HTTPS处理的时候,可以估算需要的TPS数量等于VS或者应用服务器上的每秒新建连接数。
How to explain SSL TPS in netscaler?
I found nothing about the meaning of ssl tps in netscaler. But I discussed it with a tac senior engineer named joe, and which is the same as BIG-IP.
Normally, there are some hardware accelerators to process the ssl transaction in BIG-IP or netscaler. Since SSL transactions, establishing the initial SSL handshake requiers CPU-intensive public key encryption operations. Most handshake operations are associated with the exchange of the SSL session key(client key exchange message). the whole SSL transaction procedure is processed in hardware except the tcp handshake. The tcp handshake is processed in cpu. So if it exceeds up to ssl transaction limition, the tcp connection may grow up, but the ssl traffic falls down.