![]() This is all that is needed to actually "enable" SSL termination. The most important part of this configuration is selecting an SSL Profile for the "Client", but not for the "Server". Getting Startedįor those not familiar with a Big-IP load balancer's administration, most of the configuration is done via a web interface, accessible via the device's IP address. By using hardware-level decryption at the load balancer, the web server software (or reverse-proxy software like nginx or Varnish) can focus on serving pages. Now there are certainly ways to speed up SSL (using faster cyphers for example), but the fact remains that SSL is expensive. Comparing against nginx or Varnish, the slowness ratio increases as they serve HTTP traffic even faster. Yikes, HTTPS is 12 times slower than HTTP! Not to mention more processor intensive. Time per request: 20.609 (mean, across all concurrent requests) Transfer rate: 816.54 receivedĪb -c 100 -n 100 Requests per second: 48.52 (mean) ![]() Time per request: 1.636 (mean, across all concurrent requests) Just serving up a static text file:Īb -c 100 -n 100 Requests per second: 611.21 (mean) In a quick, largely unscientific test, here are two Apache Bench results against a stock Apache install, one with SSL and one without. HTTPS requests (and more specifically, the SSL handshaking to start the connection) is incredibly expensive, often on the magnitude of at least 10 times slower than normal HTTP requests. ![]() One of the primary reasons for investing in an F5 is for the purpose of SSL Offloading, that is, converting external HTTPS traffic into normal HTTP traffic so that your web servers don't need to do the work themselves. At Lullabot several of our clients have invested in powerful (but incredibly expensive) F5 Big-IP Load Balancers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |