> -We've done some rudimentary load-testing with our boxes. We put
> about 150 sustained ssl connections through a pair of SCA's running
> 3.0.5 code. Under that load, each SCA bounced between 20-40% cpu.
This isn't really testing what SSL accelerators are designed for. Most
use hardware acceleration only for the intensive asymmetric encryption
and let the main CPU handle the symmetric crypto. Boxes that can only
handle 100 new RSA handshakes per second could easily sustain a few
hundred DES/3DES connections pushing a few bytes through.
In fact, 150 sustained connections sounds to be pretty terrible given
that almost a year ago when I was rather heavily involved in that
industry, the market leaders were pushing over 600 new connections per
Just a heads-up for anyone performance testing SSL accelerators. Make
sure that your test tool is not performing SSL session resumptions
unless you want it to. I found at least one tool that claimed to be
making new RSA handshakes when in fact it was just doing session
resumptions based on cached SSL session IDs. The performance numbers
with that test tool were needless to say, quite good. Also most vendors
test while requesting a 0 byte file using a low-grade cipher. The hit
of having to do symmetric crypto on the main CPU to actually transfer
data rarely linear.
The Load Balancing Mailing List
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 23:42:08 EST