During stress testing in our lab, I am experiencing 100% CPU utilization on my SSL module and am trying to find some definitive information regarding exactly what the SSL module capabilities are with regard to simultaneous connections, maximum traffic capabilities, etc... I have seen a few references to this type of information in these forums, but no detailed information, like a link to supporting documentation on Cisco's website.
What we have is a 11506 running WebNS software version sg0750105s and during our load testing, we have found that when approaching 1,000 simultaneous SSL connections, the SSL CPU is reaches 100%. I am attaching our test script and resulting stats. As you can see, as our load test ramps from 200 to 400 to 600 to 800 and finally to 1,000 connections, until the SSL CPU finally reaches 99% and we then begin to experience dropped connections.
Any ideas on how we can configure the CSS in software to better handle the required SSL connections? Our test requirements are actually for 1,500 simultaneous connections... which we have yet to accomplish.
Any help is greatly appreciated.
Around 18 months ago, I opened a case with TAC on SSL performance and following numbers were given to me in reply
"Transactions per second: 1000 per module (4 modules max)
RSA operations per second: 4,000 per module
Concurrent sessions: 40,000 per module
Bulk encryption performance: 256 Mbps per module
The SSL peformance is bound to the limitation of the card and not the code."
Some one from Cisco can verify these numbers.