ZVA64EE3110.2 PERFORMANCE BENCHMARK SOFINTEL IT ENGINEERING, S.L.



Similar documents
ZEN NETWORKS 3300 PERFORMANCE BENCHMARK SOFINTEL IT ENGINEERING, S.L.

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

Stress Testing for Performance Tuning. Stress Testing for Performance Tuning

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Configuring Nex-Gen Web Load Balancer

4D v11 SQL Release 6 (11.6) ADDENDUM

Configuring Secure Socket Layer HTTP

Hardware Recommendations

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

Summary of Results. NGINX SSL Performance

Zeus Traffic Manager VA Performance on vsphere 4

NEFSIS DEDICATED SERVER

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

IERG 4080 Building Scalable Internet-based Services

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Ignify ecommerce. Item Requirements Notes

Network Management Card Security Implementation

Riverbed Stingray Traffic Manager VA Performance on vsphere 4 WHITE PAPER

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

So in order to grab all the visitors requests we add to our workbench a non-test-element of the proxy type.

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Deployment Guide Microsoft IIS 7.0

Chapter 7 Transport-Level Security

Server Scalability and High Availability

ALOHA LOAD BALANCER MANAGING SSL ON THE BACKEND & FRONTEND

Is Your SSL Website and Mobile App Really Secure?

DNA. White Paper. DNA White paper Version: 1.08 Release Date: 1 st July, 2015 Expiry Date: 31 st December, Ian Silvester DNA Manager.

Overview. SSL Cryptography Overview CHAPTER 1

Deployment Guide Oracle Siebel CRM

Load Balancing VMware Horizon View. Deployment Guide

A Comparative Study on Vega-HTTP & Popular Open-source Web-servers

OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

Product Version 1.0 Document Version 1.0-B

Citrix XenApp 6.5 and XenDesktop 5.6 Security Standards and Deployment Scenarios Supplementary scenarios

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Network Security Essentials Chapter 5

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

StreamServe Persuasion SP4 Service Broker

, ) I Transport Layer Security

CumuLogic Load Balancer Overview Guide. March CumuLogic Load Balancer Overview Guide 1

HTTP Reverse Proxy Scenarios

Improving OpenSSL* Performance

2014 IBM Corporation

TESTING & INTEGRATION GROUP SOLUTION GUIDE

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Load Balancing VMware Horizon View. Deployment Guide

Security Protocols/Standards

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Deployment Guide AX Series with Citrix XenApp 6.5

Rally Installation Guide

F-Secure Internet Gatekeeper Virtual Appliance

SSL DOES NOT MEAN SOL What if you don t have the server keys?

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Thunder ADC for Epic Systems

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

Transport Layer Security Protocols

A Hybrid Web Server Architecture for Secure e-business Web Applications

Agility Database Scalability Testing

HOB Remote Desktop VPN Secure access for remote workers and business partners to your enterprise network

ACE Management Server Deployment Guide VMware ACE 2.0

Load Balancing Oracle Application Server (Oracle HTTP Server) Quick Reference Guide

Learning Network Security with SSL The OpenSSL Way

Table of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index

Performance test report

Virtual Managment Appliance Setup Guide

This section contains information intended to help plan for SocialMiner installation and deployment.

Syncplicity On-Premise Storage Connector

Criteria for web application security check. Version

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Transport Level Security

Communication Systems SSL

ShadowLink 2. Overview. May 4, ONLINE SUPPORT emdat.com/ticket/ PHONE SUPPORT (608) ext. 1

Topics in Network Security

Firewall Load Balancing

Virtual Web Appliance Setup Guide

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

IronPort X1000 Security System

Maximizing Performance with SPDY & SSL. Billy Hoffman

Performance test of Voyage on Alix Board

New CICS support for Secure Sockets Layer

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION

Understanding Slow Start

Application Delivery Controller (ADC) Implementation Load Balancing Microsoft SharePoint Servers Solution Guide

Flexible Routing and Load Control on Back-End Servers. Controlling the Request Load and Quality of Service

Enterprise Manager. Version 6.2. Installation Guide

Configuring iplanet 6.0 Web Server For SSL and non-ssl Redirect

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

Experian Secure Transport Service

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

Benchmarking and monitoring tools

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Check Point FireWall-1 HTTP Security Server performance tuning

Transcription:

SOFINTEL IT ENGINEERING, S.L. JUN 2014

Table of Contents 1 Benchmark scenario... 3 2 Benchmark cases... 4 2.1 HTTP Profile with HTTPS Offload Listener, 1k key ssl certificate with RC4-SHA algorithm (stronger cipher)... 4 2.2 HTTP Profile with HTTPS Offload Listener, 1k key ssl certificate with ECDHE-RSA- AES256-GCM-SHA384 algorithm (weaker cipher)... 5 2.3 HTTP Profile with HTTPS Offload Listener, 2k key ssl certificate with RC4-SHA algorithm (stronger cipher and higher key)... 6 2.4 HTTP Profile with HTTP Listener... 7 2.5 L4xNAT Profile with HTTP Protocol... 8 3 Results sumary... 10 Page 2 of 10

1 Benchmark scenario The scenario applied consists in 3 connected networks via the virtual appliance. The networks are defined as follows: 1. Management Network: 192.168.0.0/24 Eth0: 192.168.0.99 in 2. Service Network: 172.16.1.0/24 Eth1: 172.16.1.1 in Client: 172.16.1.2 3. Backends Network: 172.16.2.0/24 Eth2: 172.16.2.1 in Backend: 172.16.2.2 The provides a ZenLB EE 3.04 version with 2 vcores with HT (2 virtual sockets with 2 cores per socket, with a maximum of CPU resources reservation and Internal Hyperthreaded core sharing enabled) over a physical VMWare ESXi 5.5 Server with a CPU Intel Core i5 660 (2 cores with HT) 3.33G and 4 GB of RAM DDR3. The client and backend hosts have not been overloaded along the benchmark tasks. The client side process used is ab v2.3 (ApacheBench) that will run a big amount of web requests directly to the load balancer. The backend is configured with a simple but powerful web server end called httpterm v1.7.2, which will receive the client requests and will return back an empty web page (0 bytes). Page 3 of 10

2 Benchmark cases 2.1 HTTP Profile with HTTPS Offload Listener, 1k key ssl certificate with RC4- SHA algorithm (stronger cipher) Farm Configuration: Farm Profile: HTTP Modified Farm Parameters: Executed command in Client host: Number of working threads: 2000 Farm Listener: HTTPS Ciphers: Custom Security Customize your Ciphers: RC4 SHA Farm Virtual IP and Virtual Port: 172.16.1.1:443 Key certificate used: 1k # ab n 20000 c 10000 https://172.16.1.1/ This command runs 20,000 requests with a 10,000 of concurrent active connections. The result is shown below: Server Software: Server Hostname: 172.16.1.1 Server Port: 443 SSL/TLS Protocol: TLSv1.2,RC4 SHA,1024,128 Document Path: / Document Length: 0 bytes Concurrency Level: 10000 Time taken for tests: 16.574 seconds Complete requests: 20000 Failed requests: 0 Total transferred: 2920501 bytes HTML transferred: 0 bytes Requests per second: 1206.68 [#/sec] (mean) Time per request: 8287.226 [ms] (mean) Time per request: 0.829 [ms] (mean, across all concurrent requests) Transfer rate: 172.08 [Kbytes/sec] received Connection Times (ms) min mean[+/ sd] median max Connect: 658 6142 2784.0 6284 16444 Processing: 1 98 239.2 10 1841 Waiting: 1 91 234.2 6 1771 Total: 1449 6240 2658.4 6293 16452 Percentage of the requests served within a certain time (ms) 50% 6293 66% 7006 75% 7551 80% 7966 90% 9026 Page 4 of 10

95% 10718 98% 13776 99% 14463 100% 16452 (longest request) 2.2 HTTP Profile with HTTPS Offload Listener, 1k key ssl certificate with ECDHE-RSA-AES256-GCM-SHA384 algorithm (weaker cipher) Farm Configuration: Farm Profile: HTTP Modified Farm Parameters: Executed command in Client host: Number of working threads: 2000 Farm Listener: HTTPS Ciphers: Custom Security Customize your Ciphers: ECDHE RSA AES256 GCM SHA384 Farm Virtual IP and Virtual Port: 172.16.1.1:443 Used certificate: 1k # ab n 20000 c 10000 https://172.16.1.1/ This command runs 20,000 requests with a 10,000 of concurrent active connections. The result is shown below: Server Software: Server Hostname: 172.16.1.1 Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE RSA AES256 GCM SHA384,1024,256 Document Path: / Document Length: 0 bytes Concurrency Level: 10000 Time taken for tests: 27.083 seconds Complete requests: 20000 Failed requests: 0 Total transferred: 2922339 bytes HTML transferred: 0 bytes Requests per second: 738.47 [#/sec] (mean) Time per request: 13541.490 [ms] (mean) Time per request: 1.354 [ms] (mean, across all concurrent requests) Transfer rate: 105.37 [Kbytes/sec] received Connection Times (ms) min mean[+/ sd] median max Connect: 741 8505 3350.1 9025 25351 Processing: 50 2205 237.9 2247 3409 Waiting: 13 1100 134.7 1117 2761 Total: 1256 10710 3417.5 11226 26851 Percentage of the requests served within a certain time (ms) Page 5 of 10

50% 11226 66% 11784 75% 11826 80% 11862 90% 13394 95% 18068 98% 18121 99% 19318 100% 26851 (longest request) 2.3 HTTP Profile with HTTPS Offload Listener, 2k key ssl certificate with RC4- SHA algorithm (stronger cipher and higher key) Farm Configuration: Farm Profile: HTTPS Modified Farm Parameters: Executed command in Client host: Number of working threads: 2000 Farm Listener: HTTPS Ciphers: Custom Security Customize your Ciphers: RCA SHA Farm Virtual IP and Virtual Port: 172.16.1.1:443 Used certificate: 2k # ab n 20000 c 10000 https://172.16.1.1/ This command runs 20,000 requests with a 10,000 of concurrent active connections. The result is shown below: Server Software: Server Hostname: 172.16.1.1 Server Port: 443 SSL/TLS Protocol: TLSv1.2,RC4 SHA,2048,128 Document Path: / Document Length: 0 bytes Concurrency Level: 10000 Time taken for tests: 31.558 seconds Complete requests: 20000 Failed requests: 0 Total transferred: 2926238 bytes HTML transferred: 0 bytes Requests per second: 633.74 [#/sec] (mean) Time per request: 15779.245 [ms] (mean) Time per request: 1.578 [ms] (mean, across all concurrent requests) Transfer rate: 90.55 [Kbytes/sec] received Connection Times (ms) min mean[+/ sd] median max Connect: 1008 11525 4984.3 12140 30423 Page 6 of 10

Processing: 1 326 439.0 176 3702 Waiting: 1 308 439.1 156 3695 Total: 1756 11851 4781.6 12320 30611 Percentage of the requests served within a certain time (ms) 50% 12320 66% 12934 75% 14574 80% 15728 90% 17779 95% 18732 98% 23761 99% 24389 100% 30611 (longest request) 2.4 HTTP Profile with HTTP Listener Farm Configuration: Farm Profile: HTTP Modified Farm Parameters: Executed command in Client host: Number of working threads: 2000 Farm Listener: HTTP Farm Virtual IP and Virtual Port: 172.16.1.1:80 # ab n 40000 c 20000 http://172.16.1.1/ This command runs 40,000 requests with a 20,000 of concurrent active connections. The result is shown below: Server Software: Server Hostname: 172.16.1.1 Server Port: 80 Document Path: / Document Length: 0 bytes Concurrency Level: 20000 Time taken for tests: 8.723 seconds Complete requests: 40000 Failed requests: 0 Total transferred: 5842551 bytes HTML transferred: 0 bytes Requests per second: 4585.68 [#/sec] (mean) Time per request: 4361.403 [ms] (mean) Time per request: 0.218 [ms] (mean, across all concurrent requests) Transfer rate: 654.10 [Kbytes/sec] received Connection Times (ms) min mean[+/ sd] median max Connect: 0 584 998.2 2 3014 Processing: 1 2663 1858.4 2385 8402 Page 7 of 10

Waiting: 0 2661 1860.4 2384 8401 Total: 1 3247 2241.9 2864 8710 Percentage of the requests served within a certain time (ms) 50% 2864 66% 3971 75% 4746 80% 5300 90% 6859 95% 7608 98% 8166 99% 8362 100% 8710 (longest request) 2.5 L4xNAT Profile with HTTP Protocol Farm Configuration: Farm Profile: L4xNAT Modified Farm Parameters: Executed command in Client host: Farm Virtual IP and Virtual Port: 172.16.1.1:80 # ab n 200000 c 20000 http://172.16.1.1/ This command runs 200,000 requests with a 20,000 of concurrent active connections. The result is shown below: Server Software: Server Hostname: 172.16.1.1 Server Port: 80 Document Path: / Document Length: 0 bytes Concurrency Level: 20000 Time taken for tests: 13.061 seconds Complete requests: 200000 Failed requests: 0 Total transferred: 29349204 bytes HTML transferred: 0 bytes Requests per second: 15312.75 [#/sec] (mean) Time per request: 1306.101 [ms] (mean) Time per request: 0.065 [ms] (mean, across all concurrent requests) Transfer rate: 2194.42 [Kbytes/sec] received Connection Times (ms) min mean[+/ sd] median max Connect: 80 410 603.9 246 7304 Processing: 92 356 463.5 287 9184 Waiting: 71 286 463.6 213 9184 Total: 211 766 787.1 547 12285 Percentage of the requests served within a certain time (ms) 50% 547 Page 8 of 10

66% 590 75% 614 80% 667 90% 1499 95% 1656 98% 3553 99% 4270 100% 12285 (longest request) Page 9 of 10

3 Results sumary Please find in the following table the performance benchmark results for all cases over the ZVA64 EE 3110.2 virtual appliance: Test Number Connections Concurrency Ciphers Protocols 1 20,000 10,000 RC4-SHA 2 20,000 10,000 ECDHE- RSA- AES256- GCM- SHA384 3 20,000 10,000 RC4-SHA 4 40,000 20,000 5 200,000 20,000 HTTP Farm with HTTPS Listener HTTP Farm with HTTPS Listener HTTP Farm with HTTPS Listener HTTP and HTTP Listener L4xNAT with HTTP Protocol Asymmetric key size Test time (secs) 1024 16.57 1024 27.08 2048 31.56 8.72 13.06 Page 10 of 10