Re: [load balancing] Questions regarding Cisco Secure Content Acc elerator

From: Steve Birnbaum (
Date: Wed Jan 16 2002 - 23:28:48 EST

  • Next message: Alex Samonte: "Re: [load balancing] Questions regarding Cisco Secure Content Acc elerator"

    > -We've done some rudimentary load-testing with our boxes. We put
    > about 150 sustained ssl connections through a pair of SCA's running
    > 3.0.5 code. Under that load, each SCA bounced between 20-40% cpu.

    This isn't really testing what SSL accelerators are designed for. Most
    use hardware acceleration only for the intensive asymmetric encryption
    and let the main CPU handle the symmetric crypto. Boxes that can only
    handle 100 new RSA handshakes per second could easily sustain a few
    hundred DES/3DES connections pushing a few bytes through.

    In fact, 150 sustained connections sounds to be pretty terrible given
    that almost a year ago when I was rather heavily involved in that
    industry, the market leaders were pushing over 600 new connections per

    Just a heads-up for anyone performance testing SSL accelerators. Make
    sure that your test tool is not performing SSL session resumptions
    unless you want it to. I found at least one tool that claimed to be
    making new RSA handshakes when in fact it was just doing session
    resumptions based on cached SSL session IDs. The performance numbers
    with that test tool were needless to say, quite good. Also most vendors
    test while requesting a 0 byte file using a low-grade cipher. The hit
    of having to do symmetric crypto on the main CPU to actually transfer
    data rarely linear.



    The Load Balancing Mailing List
    MRTG with SLB:
    Hosted by:

    This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 23:42:08 EST