Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
4
Replies

Performance loss using CSS11506

d-simic
Level 1
Level 1

‎05-14-2004 11:28 AM

Hi,

I have two CSSs with redundant VIPs and SSL Modules sitting between clients and IIS servers. We have a document management application running there. Clients come in over tcp port 443, behind the CSS it's all port 80. When going over the CSS, users complain about the applications slow response. Bypassing the CSS is much quicker, even if the server itself has to do the SSL part.

My question: does anybody know, how much performance loss (content rule lookup, routing, SSL en-/decription etc.) is to be expected when using a CSS?

Thanks

Darko

Labels:
0 Helpful
4 Replies 4

jfoerster
Level 4
Level 4

‎05-16-2004 10:59 PM

Hi Darko,

I've not seen a speed loss when doing SSL-offloading. Are you sure traffic is passing correctly through the CSS and is not cought somewhere in the chain (client-css-ssl-server-ssl-css-client) with delays like DNS-Timeouts and so on?

I would try a sniffertrace in front of the CSS an behind the CSS. Furhter I would do a trace in front of the server. This will tell you where time gets lost. (e.g. packet leaves the CSS towards the server and the answer is delayed etc.) Although I would analyse the traffic if all is HTTPS or if the page is a mixture of http and https which might confuse the CSS if not set up properly.

Hope that helps in solving the problem...

Regards,

Joerg

0 Helpful

gvpelt
Level 1
Level 1

‎05-17-2004 10:29 AM

Darko,

Try to implement the CSS without routing, the CSS is not a great router.

Regards

GF

0 Helpful

d.parks
Level 1
Level 1

‎05-17-2004 10:45 AM

I have run in both bridged mode and router mode, and found no performance difference between the two. I did have significant stability problems in bridged mode though.

I use TCP and URL based rules and have had no problems there either.

I'd suggest looking at your traffic path to make sure that you're not running into any route redirects, loops, parallel paths or other issues that could be introducing delay.

I have not used the internal SSL module (I have external SSL accelerators) so I'm not sure what might affect performance there.

0 Helpful

Sbutzek
Level 1
Level 1
In response to d.parks

‎05-19-2004 03:16 AM

Hi,

verify that you are Using the Keepalive mode on HTTP Connections on your Servers, so the HTTP Connections can be used for more than one object.

Check the TCP Nagle configuration, if you are using Windows Clients or Server, disabel the TCP Nagle.

Check the SSL-Quey Delay, set this to a very small value or 0 to disable this.

Then you see better Performances.

When you are having only small traffic, the SSL Module wont be better i think. Its something to offload you webserver CPUs.

Best Regards

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card