05-29-2007 12:38 PM
Hi there...I have implemented an 11501 w/SSLM in our environment, and when the app teams are doing their testing, they are telling me thet the performance and speed is degraded when they are testing against the VIP versus against the actual backend host. I have done as much troubleshooting as I can and there is nothing out of the ordinary that I can see....below is a copy and paste of the relevant config portions.....maybe someone else can see something there that would explain this abnormal behavior...their testing took about 8 mins when they went straight to the host, and about 20 mins when they tested against the VIP...
Thanks in advance,
Sandeep
ssl-proxy-list my_secure_site
ssl-server 1
ssl-server 1 cipher rsa-with-rc4-128-md5 161.19.55.81 81
backend-server 10
backend-server 10 port 81
backend-server 10 server-ip 161.19.55.74
backend-server 20
backend-server 20 port 81
backend-server 20 server-ip 161.19.55.75
ssl-server 1 vip address 161.19.55.13
backend-server 10 ip address 161.19.55.74
backend-server 20 ip address 161.19.55.75
backend-server 10 cipher rsa-with-rc4-128-md5
backend-server 20 cipher rsa-with-rc4-128-md5
ssl-server 1 rsakey services-sys_key1
ssl-server 1 rsacert services-sys
backend-server 5
backend-server 5 ip address 161.19.65.51
backend-server 5 server-ip 161.19.65.51
backend-server 5 cipher rsa-with-rc4-128-md5
active
service backend1
ip address 161.19.55.74
type ssl-accel-backend
port 81
add ssl-proxy-list my_secure_site
keepalive port 443
keepalive type ssl
protocol tcp
active
service backend2
ip address 161.19.55.75
type ssl-accel-backend
port 81
keepalive port 443
keepalive type ssl
protocol tcp
add ssl-proxy-list my_secure_site
active
service backend5
ip address 161.19.65.51
type ssl-accel-backend
port 81
add ssl-proxy-list my_secure_site
keepalive port 443
keepalive type ssl
protocol tcp
active
service ssl_front
slot 2
type ssl-accel
keepalive type none
add ssl-proxy-list my_secure_site
active
owner my_secure_site
content back
vip address 161.19.55.81
add service backend1
add service backend2
advanced-balance sticky-srcip
protocol tcp
port 81
url "/*"
active
content front
vip address 161.19.55.13
application ssl
add service ssl_front
protocol tcp
port 443
active
05-30-2007 06:21 AM
for better performance, you want to use the following commands
ssl-server 1 tcp virtual nagle disable
ssl-server 1 tcp server nagle disable
ssl-server 1 tcp virtual ack-delay 0
ssl-server 1 tcp server ack-delay 0
ssl-server 1 ssl-queue-delay 0
If that does not improve the situation, get a sniffer trace of the best performance[ w/o css] and the worst performance [w/ css] and compare the 2.
There are other possible connection tuning.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide