F5 VIPRION 4450 Blade Delivers Unparalleled SSL Performance

To meet the challenges of a world where SSL is everywhere, all the time, enterprises must choose ciphers that are secure yet scalable—and deploy high performance application delivery solutions, including SSL offload, that can best adapt to today’s rapidly-changing encryption landscape.

F5’s latest VIPRION blade—the B4450 with 100G ports and SSL acceleration hardware—follows on the innovative and groundbreaking VIPRION Clustered Multi-Processing architecture that we introduced approximately 10 years ago. VIPRION enables true, on-demand scalability without application disruption as traffic processing increases.

So when Ixia launched CloudStorm 100GE, a cloud-scale application delivery and network security test platform capable of conducting multi-terabyte application performance testing, we invited them to put our VIPRION 4450 on the hot seat. (You can read more from Ixia on the topic here.) Ixia VP of Product Development Ram Periakaruppan told us, “F5 is the only SSL solution to achieve this level of performance using our CloudStorm 100G traffic generation module.”

SSL/TLS: It’s Everywhere, All the Time, and It’s Really Demanding.

When the first widely-available web browser made its debut circa 1990, it was a huge milestone for the internet—and with it came a need for greater security. SSLv3 was the first usable, relatively secure transport layer encryption protocol, and it soon became a mark of trust for internet properties.

And in October 2016 we saw another major milestone in internet history, though it received much less publicity. Both Mozilla and Chrome telemetry showed that the majority of encrypted page requests outnumbered those of unencrypted page requests. For the first time, the majority of the internet was encrypted in transit. This turning point was of profound interest to us, because a significant percentage of encrypted traffic is decrypted by F5 devices.

In today’s threat landscape, a simple SSL certificate is no longer the reliable mark of trust that it was in the early days of the web. Vendors have responded with a wave of enhancements in the encryption space:

• According to Google’s Transparency Report on HTTPS, the top 100 sites on the internet default to HTTPS with a modern TLS configuration.
• Google boosts the search ranking of websites that support SSL.
• Elliptic curve cryptography (ECC) and perfect forward secrecy (PFS) are being rapidly adopted by consumer and B2B companies alike.
• PFS usage has increased from one-third to two-thirds of all sampled data in two years.
  

Over at F5 Labs, David Holmes wrote about the need for always-on SSL, everywhere:

Forrester Research security analyst John Kindervag writes of an approach to security called the Zero Trust Model (ZTM). The premise of ZTM is that architecture is much more robust with regards to security if every component in the network distrusts every other component and treats all inter-device traffic as if it had already bypassed other security measures. There is adoption around this model in many network architectures, especially ones where security boundaries are particularly porous, such as enterprise-to-cloud and business-to-business-to-cloud.

The result of all these enhancements for the enterprise? Better security—but also a need for hardware that can handle the processing demands that ECC and PFS exert on them. The IDC white paper The Blind State of SSL/TLS Traffic: Are Your Cyber Threats Visible? states that when SSL/TLS traffic inspection is enabled, general performance can be negatively impacted by nearly 75%.

This is why we’re so excited about the results Ixia reported when it tested the VIPRION 4450 with CloudStorm 100GE. Our solutions are built to handle the demands of security and performance of today’s internet, and these numbers show that. Check out the test results and additional methodology details.