Featured Article

SSL Performance Results: F5 VIPRION B4450 Test With Ixia CloudStorm 100GE

In April 2017, Ixia used its CloudStorm 100GE Application and Security Test Load Module to run an SSL performance test on an F5 VIPRION B4450 Application Delivery Controller blade in a VIPRION C4480 chassis. The C4480 chassis can hold up to four blades (and the C4800 chassis holds up to eight), but two blades were sufficient for testing purposes. F5’s VIPRION chassis can scale linearly, so with a full chassis of B4450 blades, the test results would scale to 8x the following results.

Additional details can also be found in Ixia’s blog post, Understanding Factors That Impact Encryption Performance.

When testing was complete, Ixia reported the results below:

Client SSL and Server Cleartext


SSL Cipher


Keys


VIPRION B4450 ADC


Throughput


CPS
(SR=0)


ECDHE-ECDSA-AES128-SHA256 secp384r1


P-384


53 Gbps


64 k


ECDHE-ECDSA-AES128-SHA256 prime256v1


P-256


53 Gbps


105 k


AES128-GCM-SHA2


2048


90 Gbps


160 k

Testing Process and Environment

The products went through the following multi-phase testing process:

  1. Preliminary Testing: Create and validate the configuration for each Device Under Test (DUT) so that all DUTs manage the network traffic the same way.
  2. Exploratory Testing: This determines the best test settings for each device and reveals how well it performs in each type of test. The DUTs configuration is finalized during this phase.
  3. Final Testing: Each type of test is run multiple times. Testing is repeated until there are at least three good runs that consistently produced the best results. It can take many runs of a test to reach this standard of consistency.
  4. Ensuring Error-free Runs: The test results are closely analyzed to ensure the achieved performance is without any errors. If there are any retries above tolerance levels, or any resets, the results are rejected.
  5. Determine Best Results: The three best test runs for each type of test are examined in detail to identify which one produced the best overall performance. The results of the best run for each type of test are what is used in this report. 


In total, more than 120 test runs were conducted in order to produce these results.

Ixia’s CloudStorm Application and Security Test Load Module delivers an architecture that allows concurrent emulation of complex applications, SSL encrypted applications, and a large volume of DDoS traffic to validate that network infrastructure is high performing and secure. CloudStorm supports up to 12 blades in a chassis, and is driven by Ixia’s BreakingPoint and IxLoad test solutions for application delivery and security resiliency testing. With a single blade in the chassis, CloudStorm is capable of achieving 90 Gbps of encrypted throughput and 160 k connections per second with not any session reuse with strong ciphers and key sizes.

Products Tested

Ixia tested a F5 VIPRION B4450 Application Delivery Controller (ADC) blade running in a C4480 chassis.

SSL Processing Tests

Max Connections per Second Performance Test (CPS)

To measure the maximum number of SSL handshakes per second, Ixia used an HTTP GET requesting a page size of 1024 bytes. Ixia selected HTTP 1.0 to ensure the connection would be terminated as soon as the transfer was completed, and a new connection opened for the next transaction.

  • SSL version: TLS 1.2 for all ciphers
  • Key size: 2K for RSA-based keys
  • Curve size: 256 for curve based ciphers
  • Session reuse: off


Max Encrypted Bandwidth Test (Throughput)

To measure the maximum number of SSL handshakes per second, Ixia used an HTTP GET requesting a page size of 1 MB. Ixia selected HTTP 1.1; a single SSL connection saw multiple Get requests of 1 MB page size, and the response from the server with a 1 MB page.

  • SSL version: TLS 1.2 for all ciphers
  • Key size: 2K for RSA-based keys
  • Curve size: 256 for curve based ciphers
  • Session reuse: off


Each session comprised an SSL handshake with unique public-private key pairs for the asymmetric key exchange that led to the unique key used to encrypt the data transfer.

Conclusion

As more businesses move to ECC cipher suites for perfect forward secrecy, the need for solutions that ensure application performance will grow. In a previous article (SSL Performance Results: F5 BIG-IP iSeries vs. Citrix and A10) F5 showed the results from internal testing. Now an independent third-party source, Ixia, has demonstrated that F5’s VIPRION 4450 blade provides an unparalleled platform to stay in front of existing trends, and prepare for unforeseen changes and fundamental shifts—positioning the enterprise for future security, scalability, and reliability.