05-14-2004 11:28 AM
Hi,
I have two CSSs with redundant VIPs and SSL Modules sitting between clients and IIS servers. We have a document management application running there. Clients come in over tcp port 443, behind the CSS it's all port 80. When going over the CSS, users complain about the applications slow response. Bypassing the CSS is much quicker, even if the server itself has to do the SSL part.
My question: does anybody know, how much performance loss (content rule lookup, routing, SSL en-/decription etc.) is to be expected when using a CSS?
Thanks
Darko
05-16-2004 10:59 PM
Hi Darko,
I've not seen a speed loss when doing SSL-offloading. Are you sure traffic is passing correctly through the CSS and is not cought somewhere in the chain (client-css-ssl-server-ssl-css-client) with delays like DNS-Timeouts and so on?
I would try a sniffertrace in front of the CSS an behind the CSS. Furhter I would do a trace in front of the server. This will tell you where time gets lost. (e.g. packet leaves the CSS towards the server and the answer is delayed etc.) Although I would analyse the traffic if all is HTTPS or if the page is a mixture of http and https which might confuse the CSS if not set up properly.
Hope that helps in solving the problem...
Regards,
Joerg
05-17-2004 10:29 AM
Darko,
Try to implement the CSS without routing, the CSS is not a great router.
Regards
GF
05-17-2004 10:45 AM
I have run in both bridged mode and router mode, and found no performance difference between the two. I did have significant stability problems in bridged mode though.
I use TCP and URL based rules and have had no problems there either.
I'd suggest looking at your traffic path to make sure that you're not running into any route redirects, loops, parallel paths or other issues that could be introducing delay.
I have not used the internal SSL module (I have external SSL accelerators) so I'm not sure what might affect performance there.
05-19-2004 03:16 AM
Hi,
verify that you are Using the Keepalive mode on HTTP Connections on your Servers, so the HTTP Connections can be used for more than one object.
Check the TCP Nagle configuration, if you are using Windows Clients or Server, disabel the TCP Nagle.
Check the SSL-Quey Delay, set this to a very small value or 0 to disable this.
Then you see better Performances.
When you are having only small traffic, the SSL Module wont be better i think. Its something to offload you webserver CPUs.
Best Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide