Understand SSL TPS

摘自：http://ipneter.blog.51cto.com/341177/428931

The meaning of ssl tps is intricate, and confused me for a long time.

TPS means the transactions per second, but what ‘s the true meaning of transaction in ssl. As we all know, there are two leading products F5 BIG-IP and netscaler. And how to explain ssl tps about this two manufacturers.

How to explain SSL TPS in BIG-IP?

F5, the maximum tps is licensed to purchase. Usually, it has a small tps by default, and you can check  out the maximum number of clientside ssl tps by this command:grep "perf_SSL_total_TPS :" /config/bigip.license.

When calculating the number of SSL sessions, the BIG-IP system counts all new clientside SSL sessions and all clientside SSL sessions that are resumed. The BIG-IP system measures SSL TPS based on clientside connection attempts to any virtual server configured with a clientssl profile. SSL TPS is enforced across a sliding time window. The BIG-IP system utilizes a 10ms window (1/100 of a second) to calculate the current TPS. If the number of TPS requests within any 10ms window exceeds 1/100 of the licensed TPS, an error message regarding the TPS limit being reached is sent to the /var/log/ltm file.

In BIG-IP versions 9.0 and later, the system checks if TPS is available at the time a SYN request is received for a virtual server with a clientssl profile. If the system has reached its maximum  licensed TPS level at the time the SYN request is received, the SYN request is silently dropped and not passed to the SSL accelerator for processing. However, in most cases, the client will re-transmit the SYN request, typically a few seconds later. Therefore, traffic which slightly exceeds the system's licensed TPS may result in noticeable user connection latency rather than complete failure. Traffic levels which greatly exceed the system's licensed TPS may result in failures to establish some connections.

摘自http://support.f5.com/kb/en-us/solutions/public/6000/400/sol6475.htm

从如上描述能够如此理解SSL TPS：TPS即CPS，即每秒新建ssl的connection数量，包含SID复用的connection。
So a transaction just means a established ssl connection.
一、当客户端和服务器新建一个全新链接的时候，计算一个TPS。
二、当客户端从新发起链接创建请求并reuse SSL Session ID的时候，计算一个TPS。
三、TPS值和在一个链接中执行了多少次HTTP request/response没有关系。
四、若是应用当前是部署在HTTP协议上，须要添加HTTPS处理的时候，能够估算须要的TPS数量等于VS或者应用服务器上的每秒新建链接数。

How to explain SSL TPS in netscaler?

I found nothing about the meaning of ssl tps in netscaler. But I discussed it with a tac senior engineer named joe, and which is the same as BIG-IP.

Normally, there are some hardware accelerators to process the ssl transaction in BIG-IP or netscaler. Since SSL transactions, establishing the initial SSL handshake requiers CPU-intensive public key encryption operations. Most handshake operations are associated with the exchange of the SSL session key(client key exchange message). the whole SSL transaction procedure is processed in hardware except the tcp handshake. The tcp handshake is processed in cpu. So if it exceeds up to ssl transaction limition, the tcp connection may grow up, but the ssl traffic falls down.