https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411483#M7358 <HTML><HEAD></HEAD><BODY><P>disable the following where? On the CSM or the ssl module? thanks</P></BODY></HTML> Mon, 26 Sep 2005 16:24:53 GMT bustaj691 2005-09-26T16:24:53Z https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411481#M7356 <P>We have a network segment that has a perimeter pix 535 and behind it two 6500 switches, each has a CSM and a SSL module. We can only hit a max throughput of about 42Mbps when we run a loadrunner test going to one ssl module on https traffic. We add a second SSL module to the CSM loadbalancing and we were able to increase to another 41 Mbps totalling our throughput to about 82 Mbps overall.</P><P></P><P>We are running software version 2.1(4) on the SSL modules. I noticed the following in the ssl modules while the modules were taking in at about 22 Mbps:</P><P></P><P>dmzssl1.frsat#sh ssl-proxy status tcp</P><P>TCP cpu is alive!</P><P>TCP cpu utilization:</P><P> % process util : 7 % interrupt util : 0</P><P> proc cycles : 0xA93422B253E int cycles : 0xD916CBD43A</P><P> total cycles: 0x96016CBCDE38</P><P> % process util (5 sec) : 60 % interrupt util (5 sec) : 2 </P><P> % process util (1 min) : 51 % interrupt util (1 min): 1</P><P> % process util (5 min) : 51 % interrupt util (5 min) : 1 </P><P>dmzssl1.frsat#sh ssl-proxy status ssl</P><P>SSL cpu is alive!</P><P>SSL cpu utilization:</P><P> % process util : 0 % interrupt util : 0</P><P> proc cycles : 0xAA820CE45C int cycles : 0x278569E70</P><P> total cycles: 0x9602074A99C8</P><P> % process util (5 sec) : 3 % interrupt util (5 sec) : 0 </P><P> % process util (1 min) : 3 % interrupt util (1 min): 0</P><P> % process util (5 min) : 3 % interrupt util (5 min) : 0 </P><P></P><P>Not sure on how to read these, but does this mean that the tcp process is kind of struggling compared to the ssl process?</P><P></P><P>We are expecting the ssl modules to be able to handle more traffic than just 41 Mbps. It's not really close to what Cisco claims in their data sheets.</P><P></P><P>Is there something else I need to look at or some performance tuning I can do in the ssl module to support more bandwidth? Please help. thanks</P> Mon, 19 Sep 2005 17:32:18 GMT https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411481#M7356 bustaj691 2005-09-19T17:32:18Z https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411482#M7357 <HTML><HEAD></HEAD><BODY><P>Check for close queueing traffic models, if it is enabled try disabling it.</P><P></P><P>Also try disabling both the <TCP virtual="" nagle="" disable=""> &amp; <TCP server="" nagle="" disable=""> with</TCP></TCP></P><P><SSL-QUEUE-DELAY 0="">.</SSL-QUEUE-DELAY></P><P></P><P>This will improve the throughput</P></BODY></HTML> Fri, 23 Sep 2005 13:39:16 GMT https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411482#M7357 pradeepde 2005-09-23T13:39:16Z https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411483#M7358 <HTML><HEAD></HEAD><BODY><P>disable the following where? On the CSM or the ssl module? thanks</P></BODY></HTML> Mon, 26 Sep 2005 16:24:53 GMT https://community.cisco.com/t5/application-networking/ssl-module-throughput-issue/m-p/411483#M7358 bustaj691 2005-09-26T16:24:53Z