Understand SSL TPS

Excerpted from: http://ipneter.blog.51cto.com/341177/428931

The meaning of SSL TPS is intricate, and it confused me for a long time.

TPS means transactions per second, but what is the true meaning of a transaction in SSL? As we all know, there are two leading products, F5 BIG-IP and NetScaler. How do these two manufacturers define SSL TPS?

How to explain SSL TPS in BIG-IP?

On F5, the maximum TPS is set by the license you purchase. Usually the system has a small TPS by default, and you can check the maximum number of clientside SSL TPS with this command: grep "perf_SSL_total_TPS :" /config/bigip.license

When calculating the number of SSL sessions, the BIG-IP system counts all new clientside SSL sessions and all clientside SSL sessions that are resumed. The BIG-IP system measures SSL TPS based on clientside connection attempts to any virtual server configured with a clientssl profile. SSL TPS is enforced across a sliding time window. The BIG-IP system utilizes a 10ms window (1/100 of a second) to calculate the current TPS. If the number of TPS requests within any 10ms window exceeds 1/100 of the licensed TPS, an error message regarding the TPS limit being reached is sent to the /var/log/ltm file.

In BIG-IP versions 9.0 and later, the system checks if TPS is available at the time a SYN request is received for a virtual server with a clientssl profile. If the system has reached its maximum licensed TPS level at the time the SYN request is received, the SYN request is silently dropped and not passed to the SSL accelerator for processing. However, in most cases, the client will re-transmit the SYN request, typically a few seconds later. Therefore, traffic which slightly exceeds the system's licensed TPS may result in noticeable user connection latency rather than complete failure. Traffic levels which greatly exceed the system's licensed TPS may result in failures to establish some connections.

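Excerpted from http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.htm

From the description above, SSL TPS can be understood as follows: TPS is CPS, that is, the number of new SSL connections per second, including connections that reuse a session ID (SID).
So a transaction just means an established SSL connection.
1. When a client and a server establish a completely new connection, it counts as one TPS.
2. When a client initiates a new connection request and reuses the SSL Session ID, it counts as one TPS.
3. The TPS value has nothing to do with how many HTTP request/response exchanges are performed within one connection.
4. If the application is currently deployed over HTTP and HTTPS processing needs to be added, the required TPS can be estimated as equal to the number of new connections per second on the VS or the application server.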
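
The 10 ms enforcement window described above, as an added example that is not from the original post or from F5: a simplified Python model that replays new-connection arrival times against a licensed TPS and estimates the license a trace would need. The function names, the sample traces, and the rule that only admitted handshakes occupy a window slot are assumptions of this sketch.

```python
from collections import deque

WINDOW_MS = 10  # window length stated in the F5 text above


def simulate(licensed_tps, arrivals_ms):
    """Replay client SYN arrival times (ms) against a licensed SSL TPS.

    Returns (admitted, dropped) lists of arrival times. Assumption of this
    sketch: only admitted handshakes occupy a slot in the window.
    """
    per_window = max(1, licensed_tps // 100)  # 1/100 of the license per 10 ms
    window = deque()                          # admitted times still in window
    admitted, dropped = [], []
    for t in sorted(arrivals_ms):
        while window and window[0] <= t - WINDOW_MS:
            window.popleft()                  # older than 10 ms: slot is free
        if len(window) < per_window:
            window.append(t)
            admitted.append(t)
        else:
            dropped.append(t)  # SYN silently dropped; the client retransmits
    return admitted, dropped


def estimate_required_tps(arrivals_ms):
    """License (multiple of 100) that admits every arrival in this model:
    100 x the largest number of new connections in any 10 ms window."""
    times = sorted(arrivals_ms)
    peak, lo = 0, 0
    for hi, t in enumerate(times):
        while times[lo] <= t - WINDOW_MS:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak * 100


# Constructed sample traffic: both traces carry 500 new connections in 1 s.
SMOOTH = [i * 2.0 for i in range(500)]                 # one SYN every 2 ms
BURSTY = [(i // 50) * 100 + (i % 50) * 0.1 for i in range(500)]  # 50 per burst

if __name__ == "__main__":
    for name, trace in (("smooth", SMOOTH), ("bursty", BURSTY)):
        ok, drop = simulate(1000, trace)
        print(name, "admitted", len(ok), "dropped", len(drop),
              "license needed", estimate_required_tps(trace))
```

Both traces average 500 new connections per second, so sizing a license from a per-second average alone understates what bursty clients need.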

How to explain SSL TPS in NetScaler?

I found nothing about the meaning of SSL TPS in NetScaler. But I discussed it with a senior TAC engineer named Joe, and it is the same as in BIG-IP.

Normally, BIG-IP and NetScaler use hardware accelerators to process SSL transactions, because establishing the initial SSL handshake requires CPU-intensive public key encryption operations. Most handshake operations are associated with the exchange of the SSL session key (the client key exchange message). The whole SSL transaction procedure is processed in hardware except the TCP handshake, which is processed by the CPU. So if the SSL transaction limit is exceeded, the number of TCP connections may grow, but the SSL traffic falls.
