Re: [load balancing] F5 LTM hitting SSL TPS license limit

From: Kenneth Salchow <k.salchow [izzat] f5.com>
Date: Tue Feb 24 2009 - 14:17:08 EST

[Hamish Wrote]

I can answer that one. The limit is connections only. You can test
this by enforcing or removing HTTP keepalives. Some services (Patrol
web interface springs to mind) require using oneConnect if you're
offloading SSL to ensure you don't run out of SSL TPS's.

[KJSJ] You are correct--the count is essentially a count of active client
sessions being handled--not the number of requests within the secure session
that takes place.

It's worth noting however that there still appears to be confusion
within F5 over what exactly constitutes an SSL TPS... It was only
around september last year that an engineer tried to tell me that the
v4 method of NOT counting resumed sessions was still valid for v9. In
fact until recently it was even documented that way on the F5
website). (I think it's been ammended on tech.f5.com, but I could be
wrong on that one).

[KJSJ] You are, once again, correct. According to this solution
https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.html,
which was updated this past January, TPS counts both New SSL Sessions AND
Resumed SSL Sessions. You are also correct in that there is some confusion
even internally as to what constitutes a TPS. Hopefully, this conversation
will help us fix that as well.

KJ (Ken) Salchow, Jr.  |  Manager, Technical Marketing

-----Original Message-----
From: lb-l-bounces@vegan.net [mailto:lb-l-bounces@vegan.net] On Behalf Of
Hamish Marson
Sent: Tuesday, February 24, 2009 4:19 AM
To: Load Balancing Mailing List; Rosenberry, Eric
Subject: Re: [load balancing] F5 LTM hitting SSL TPS license limit

Quoting "Rosenberry, Eric" <eric.rosenberry@iovation.com>:

> Kenneth-
>

[deleted]

>
> Also, as a point of clarification- Do multiple HTTP GET requests
> within a single TCP/SSL session count against the SSL TPS limit, or
> is it only counted as a single connect. (I do know that resumed SSL
> sessions that span multiple TCP connections are treated as separate
> SSL setups license wise)
>

I can answer that one. The limit is connections only. You can test
this by enforcing or removing HTTP keepalives. Some services (Patrol
web interface springs to mind) require using oneConnect if you're
offloading SSL to ensure you don't run out of SSL TPS's.

It's worth noting however that there still appears to be confusion
within F5 over what exactly constitutes an SSL TPS... It was only
around september last year that an engineer tried to tell me that the
v4 method of NOT counting resumed sessions was still valid for v9. In
fact until recently it was even documented that way on the F5
website). (I think it's been ammended on tech.f5.com, but I could be
wrong on that one).

H

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
lb-l mailing list
lb-l@vegan.net
http://vegan.net/mailman/listinfo/lb-l
Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest
http://lbwiki.com Load Balancing Wiki

_______________________________________________
lb-l mailing list
lb-l@vegan.net
http://vegan.net/mailman/listinfo/lb-l
Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest
http://lbwiki.com Load Balancing Wiki

Received on Tue Feb 24 14:17:07 2009

This archive was generated by hypermail 2.1.8 : Tue Feb 24 2009 - 14:17:08 EST