If all you are going to do to test the accelerator/server combination is fetch some static content, then your job is fairly easy: Load-test the server using HTTP connections fetching the static content, until you either reach a server bottleneck (CPU/Memory/IO) or achieve your max number of connections. Increase the number of servers (with the appropriate load balancer) as needed until you can support the required number of connections. Then insert your SSL hardware, and generate the load using HTTPS. You should observe an increase in transaction times since the load generators have to do the crypto processing in software. In fact, you may end up needing more generators to compensate for that additional workload. That's a pretty simplified approach, but should serve to get you started. It's been my experience that in real-world usage, the limits encountered at first are more related to the web server and any application server/middleware, primarily in the ability to handle lots of simultaneous sessions and maintain persistence data for all of them. The crypto processing on the accelerators is rarely a performance issue unless you are talking about very static HTML content. Best wishes from another Nortel employee,
Timothy M. Metzinger, CISSP, PMP Northop Grumman Information Technologies/Nortel Government Solutions Department of the Treasury Office of the Chief Information Officer HR Connect Program Office 202-622-0579(voice) "HR Connect: Connecting people, performance, and technology" -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Johnson Sent: Tuesday, February 13, 2007 11:59 AM To: openssl-users@openssl.org Subject: SSL Scaling Question Hi. I'm new to this forum and was wondering if I could get some assistance. I have an SSL Acceleration device that is comparable of supporting 50,000 concurrent connections. I would like to put this in my lab here at work and test the upper limit of this device. I'm concerned about the backend web server needed for this test effort. I'm trying to find out what the "appropriate" number of backend servers needed to test the upper limit of the SSL device. If I understand correctly each backend server is going to have an upper limit of 65535 TCP ports that can be opened (as the Source IP will most likely always be the SSL device). On the surface it looks like the backend server "should" be enough to handle the upper limit of the SSL device. However, that assumes that every connection is successful and the backend server has enough other resources to handle the load. Does anybody have any practical experience with this? And any recommendations on the number of backend servers at a specific load? Thanks in advance Eric Johnson Nortel Networks SQA Engineer [EMAIL PROTECTED]
