Wednesday, January 19, 2011

ACE TCP Offload

This white paper provides more details about 2 options regarding ACE TCP offload, namely TCP connection reuse and SSL Acceleration.

TCP connection reuse - TCP connections pooling to eliminate the server connection processing bottleneck
SSL Acceleration - Offloading SSL processing onto the ACE Module

HTTP persistent connections, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using the same TCP connection to send and receive multiple HTTP requests/responses, as opposed to opening a new one for every single request/response pair. Using persistent connections is very important for improving HTTP performance. The advantages are even more obvious with HTTPS or HTTP over SSL/TLS. There, persistent connections may reduce the number of costly SSL/TLS handshake to establish security associations, in addition to the initial TCP connection set up.

See more info about HTTP keep-alive in JDK

SSL hardware accelerator is performing SSL offloading, because part of the SSL processing is “offloaded” from the server’s CPU to the card’s co-processor. The term “offloading,” however, is generally used to describe an appliance or a completely separate computer that performs all SSL processing, so that the SSL load is taken off of the Web server completely.

SSL offloading can greatly increase the performance of your secure Web servers, thus increasing customer satisfaction. However, offloading means the SSL connection extends only from client to offloader, not from client to server. Data passes across the network unencrypted from offloader to server.

No comments:

Post a Comment