Unanswered Question

I am working on a WAAS installation where we want to accelerate SFTP traffic over a pair of data center accelerators. Will WAAS support SFTP acceleration or is there another alternative we could deploy - such as migrating the current SFTP setup to a FTP over SSL/TLS scenario. The requirement is that we keep the secure file transfer in place but increase the performance of the transfer. Today the SFTP transfers are taking 8 times longer than a typical FTP transfer without WAAS. SFTP could still benefit from the TFO optimizations however we are really looking for compression here since the link is currently 500Mbps +.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Bhavin Yadav Wed, 08/25/2010 - 18:08
User Badges:
  • Cisco Employee,


SSL AO can only be used for port 443 over https traffic. This will not accelerate SFTP  traffic. By default SFTP will only use TFO optimization.

Hope this helps.


PS: If this answers your question, please mark this as Answered.

svajirka Thu, 08/26/2010 - 15:26
User Badges:

Any chance you could setup an HTTPS server and use HTTPS for copying your files ?

You don't necessarily need to use a browser for such a transfer. Tools like wget can be used to transfer files over HTTPS.

Bhavin Yadav Thu, 08/26/2010 - 15:34
User Badges:
  • Cisco Employee,


I am not sure about the 3rd party tools but the SSL AO depends on the HTTP traffic pattern. Something like Connection Initiation, Connection closure, client behaviour, server behaviour, URI format,  etc.

If the third party tools are using same behaviour, yes you can but any diversion from RFC means you may not get the expected result.


PS: If this answers your question, please mark it as Answered.

Bhavin Yadav Fri, 08/27/2010 - 11:06
User Badges:
  • Cisco Employee,

A minor correction:

The  SSL accelerator does not optimize protocols that do not start their  SSL/TLS handshake from the very first byte. The only exception is HTTPS  going through a proxy (where the HTTP accelerator detects the start of  SSL/TLS, and then hands the connection to SSL accelerator for  optimization).

The SSL application accelerator supports SSL  Version 3 (SSLv3) and Transport Layer Security Version 1 (TLSv1)  protocols. TLSv1.1 and TLSv1.2 protocols are not supported.

So, in your case, you may be able to accelerate it but it will depend a lot on how the SSL/TLS handshake starts in yoru case.


This Discussion