ADC

Soporte para las plataformas basadas en chips Intel Coleto e Intel Lewisburg SSL

Los siguientes dispositivos vienen con chips Intel Coleto:

  • MPX 5900
  • MPX/SDX 8900
  • MPX/SDX 15000
  • MPX/SDX 15000-50G
  • MPX/SDX 26000
  • MPX/SDX 26000-50
  • MPX/SDX 26000-100G

El siguiente dispositivo se entrega con chips Intel Lewisburg:

  • MPX/SDX 9100
  • MPX/SDX 16000

Utilice el comando “show hardware” para identificar si su dispositivo tiene chips Coleto (COL) o Lewisburg (LBG).

> sh hardware

    Platform: NSMPX-8900 8\*CPU+4\*F1X+6\*E1K+1\*E1K+1*COL 8955 30010
    Manufactured on: 10/18/2016
    CPU: 2100MHZ
    Host Id: 0
    Serial no: CRAC5CR8UA
    Encoded serial no: CRAC5CR8UA
 Done
<!--NeedCopy-->
> sh hardware
        Platform: NSMPX-9100 10\*CPU+64GB+8\*F2X+E1K+1*LBG C627 35000
        Manufactured on: 10/1/2021
        CPU: 2300MHZ
        Host Id: 161644678
        Serial no: N2Z3ZD9S21
        Encoded serial no: N2Z3ZD9S21
        Netscaler UUID: 41a26261-227e-11ec-b4db-3cecef56f86b
        BMC Revision: 1.00
Done
<!--NeedCopy-->

Limitaciones

No se admiten los siguientes cifrados, protocolos y funciones:

  • Cifrado DH 512
  • Protocolo SSLv3
  • Azure Key Vault
  • GnuTLS
  • Certificados ECDSA con curvas ECC P_224 y P521
  • Descarga de DNSSEC

Nota La

compatibilidad con el módulo de seguridad de hardware (HSM) de Thales Luna Network está disponible en la versión 13.1, compilación 33.x, y versiones posteriores.

Vea el uso de chips SSL basado en software en las plataformas NetScaler MPX y SDX

A partir de la versión 13.1, versión 21.x, se añaden contadores para ver más detalles sobre el uso del chip SSL basado en software en las siguientes plataformas:

  • Plataformas MPX y SDX que se suministran con chips Intel Coleto.
  • Plataformas MPX que se suministran con chips Intel Lewisburg.

Nota:

Esta función no es compatible con las siguientes plataformas:

  • SDX 9100
  • MPX/SDX 16000

En el símbolo del sistema, escriba:

> stat ssl

SSL Summary

1.  SSL cards present 4
2.  SSL cards UP 4
    SSL engine status 1
    SSL sessions (Rate) 19849
    SSL Crypto Utilization Asym (%) 88
    SSL Crypto Utilization Symm (%) 1

Crypto Utilization(%)
Asymmetric Crypto Utilization 86.30
Symmetric Crypto Utilization 0.97

System
Transactions Rate (/s) Total
SSL transactions 19849 45900312
SSLv2 transactions 0 0
SSLv3 transactions 0 0
TLSv1 transactions 0 0
TLSv1.1 transactions 0 0
TLSv1.2 transactions 19849 45900312
TLSv1.3 transactions 0 0
DTLSv1 transactions 0 0
DTLSv1.2 transactions 0 0

Front End
Sessions Rate (/s) Total
SSL sessions 19849 45937019
SSLv2 sessions 0 0
SSLv3 sessions 0 0
TLSv1 sessions 0 0
TLSv1.1 sessions 0 0
TLSv1.2 sessions 19849 45937019
TLSv1.3 sessions 0 0
DTLSv1 sessions 0 0
DTLSv1.2 sessions 0 0
New SSL sessions 19881 50722628
SSL session misses 0 0
SSL session hits 0 0

Back End
Sessions Rate (/s) Total
SSL sessions 0 137
SSLv3 sessions 0 0
TLSv1 sessions 0 0
TLSv1.1 sessions 0 0
TLSv1.2 sessions 0 137
DTLSv1 sessions 0 0
Session multiplex attempts 0 0
Session multiplex successes 0 0
Session multiplex failures 0 0

Encryption/Decryption statistics
Crypto Operation Rate (bytes/s) Total Bytes
Bytes encrypted 24338213 27705995030
Bytes decrypted 24664169 27942280990
Done
<!--NeedCopy-->

Los valores de los siguientes contadores se logran al sondear el hardware:

-  SSL Crypto Utilization Asym (%) 88
-  SSL Crypto Utilization Symm (%) 1
<!--NeedCopy-->

Los valores de los siguientes contadores se logran con el software. Los valores pueden variar ligeramente de los valores encuestados por hardware.

  • Utilización de criptomonedas (%)
  • Utilización criptográfica asimétrica 85.92
  • Utilización criptográfica de RSA 11.43 RSA_4K 0.00 RSA_2K 11.43 RSA_1K 0.00 RSA_Otros 0.00
  • Utilización criptográfica DH 74.50 Utilización criptográfica ECDH 0.00 ECDH_P224 0.00 ECDH_P256 0.00 ECDH_P384 0.00 ECDH_P521 0.00
  • Utilización criptográfica ECDSA 0.00 ECDSA_P224 0.00 ECDSA_P256 0.00 ECDSA_P384 0.00 ECDSA_P521 0.00
  • Utilización criptográfica simétrica 0.72

Para una utilización granular por cifrado, ejecute el siguiente comando.

> stat ssl -detail

SSL Offloading

1.  SSL cards present 4
2.  SSL cards UP 4
    SSL engine status 1
    SSL sessions (Rate) 19862
    SSL Crypto Utilization Asym (%) 88
    SSL Crypto Utilization Symm (%) 1

Crypto Utilization(%)

Asymmetric Crypto Utilization 85.92

RSA Crypto Utilization 11.43
RSA_4K 0.00
RSA_2K 11.43
RSA_1K 0.00
RSA_Others 0.00

DH Crypto Utilization 74.50

ECDH Crypto Utilization 0.00
ECDH_P224 0.00
ECDH_P256 0.00
ECDH_P384 0.00
ECDH_P521 0.00

ECDSA Crypto Utilization 0.00
ECDSA_P224 0.00
ECDSA_P256 0.00
ECDSA_P384 0.00
ECDSA_P521 0.00

Symmetric Crypto Utilization 0.72
System
Transactions Rate (/s) Total
SSL transactions 19861 46039342
SSLv2 transactions 0 0
SSLv3 transactions 0 0
TLSv1 transactions 0 0
TLSv1.1 transactions 0 0
TLSv1.2 transactions 19861 46039342
TLSv1.3 transactions 0 0
DTLSv1 transactions 0 0
DTLSv1.2 transactions 0 0
Server in record 117437 277622634
Front End
Sessions Rate (/s) Total
SSL sessions 19862 46076050
SSLv2 sessions 0 0
SSLv3 sessions 0 0
TLSv1 sessions 0 0
TLSv1.1 sessions 0 0
TLSv1.2 sessions 19862 46076050
TLSv1.3 sessions 0 0
DTLSv1 sessions 0 0
DTLSv1.2 sessions 0 0
New SSL sessions 19801 50861234
SSL session misses 0 0
SSL session hits 0 0
Session Renegotiation
SSL session renegotiations 0 0
SSLv3 session renegotiations 0 0
TLSv1 session renegotiations 0 0
TLSv1.1 session renegotiations 0 0
TLSv1.2 session renegotiations 0 0
DTLSv1 session renegotiations 0 0
DTLSv1.2 session renegotiations 0 0
Key Exchanges
RSA 512-bit key exchanges 0 0
RSA 1024-bit key exchanges 0 2032658
RSA 2048-bit key exchanges 0 143
RSA 3072-bit key exchanges 0 7757028
RSA 4096-bit key exchanges 0 2238698
DH 512-bit key exchanges 0 0
DH 1024-bit key exchanges 0 0
DH 2048-bit key exchanges 19862 5477702
DH 4096-bit key exchanges 0 0
ECDHE 521 curve key exchanges 0 0
ECDHE 384 curve key exchanges 0 0
ECDHE 256 curve key exchanges 0 28569821
ECDHE 224 curve key exchanges 0 0
Total ECDHE key exchanges 0 28569821
Ciphers Negotiated
RC4 40-bit encryptions 0 0
RC4 56-bit encryptions 0 0
RC4 64-bit encryptions 0 0
RC4 128-bit encryptions 0 0
DES 40-bit encryptions 0 0
DES 56-bit encryptions 0 0
3DES 168-bit encryptions 0 0
AES 128-bit encryptions 0 0
AES 256-bit encryptions 19862 17506229
RC2 40-bit encryptions 0 0
RC2 56-bit encryptions 0 0
RC2 128-bit encryptions 0 0
AES-GCM 128-bit encryptions 0 0
AES-GCM 256-bit encryptions 0 28569821
Null cipher encryptions 0 0
Hashes
MD5 hashes 0 0
SHA hashes 0 12028527
SHA256 hashes 19862 5477702
SHA384 hashes 0 0
Handshakes
SSLv2 SSL handshakes 0 0
SSLv3 SSL handshakes 0 0
TLSv1 SSL handshakes 0 0
TLSv1.1 SSL handshakes 0 0
TLSv1.2 SSL handshakes 19862 46076050
TLSv1.3 SSL handshakes 0 0
DTLSv1 SSL handshakes 0 0
DTLSv1.2 SSL handshakes 0 0
Client Authentications
SSLv2 client authentications 0 0
SSLv3 client authentications 0 0
TLSv1 client authentications 0 0
TLSv1.1 client authentications 0 0
TLSv1.2 client authentications 0 0
TLSv1.3 client authentications 0 0
DTLSv1 client authentications 0 0
DTLSv1.2 client authentications 0 0
Authentications
RSA authentications 19862 17506229
DH authentications 0 0
DSS (DSA) authentications 0 0
ECDSA authentications 0 28569821
Null authentications 0 0
Back End
Sessions Rate (/s) Total
SSL sessions 0 137
SSLv3 sessions 0 0
TLSv1 sessions 0 0
TLSv1.1 sessions 0 0
TLSv1.2 sessions 0 137
DTLSv1 sessions 0 0
Session multiplex attempts 0 0
Session multiplex successes 0 0
Session multiplex failures 0 0
Session Renegotiation
SSL session renegotiations 0 0
SSLv3 session renegotiations 0 0
TLSv1 session renegotiations 0 0
TLSv1.1 back-end session renegot 0 0
TLSv1.2 back-end session renegot 0 0
DTLSv1 session renegotiations 0 0
Key Exchanges
RSA 512-bit key exchanges 0 0
RSA 1024-bit key exchanges 0 0
RSA 2048-bit key exchanges 0 137
RSA 3072-bit key exchanges 0 0
RSA 4096-bit key exchanges 0 0
DH 512-bit key exchanges 0 0
DH 1024-bit key exchanges 0 0
DH 2048-bit key exchanges 0 0
DH 4096-bit key exchanges 0 0
ECDHE 521 curve key exchanges 0 0
ECDHE 384 curve key exchanges 0 0
ECDHE 256 curve key exchanges 0 0
ECDHE 224 curve key exchanges 0 0
Ciphers Negotiated
RC4 40-bit encryptions 0 0
RC4 56-bit encryptions 0 0
RC4 64-bit encryptions 0 0
RC4 128-bit encryptions 0 0
DES 40-bit encryptions 0 0
DES 56-bit encryptions 0 0
3DES 168-bit encryptions 0 0
AES 128-bit encryptions 0 0
AES 256-bit encryptions 0 137
RC2 40-bit encryptions 0 0
RC2 56-bit encryptions 0 0
RC2 128-bit encryptions 0 0
AES-GCM 128-bit encryptions 0 0
AES-GCM 256-bit encryptions 0 0
Null encryptions 0 0
Hashes
MD5 hashes 0 0
SHA hashes 0 137
SHA256 hashes 0 0
SHA384 hashes 0 0
Handshakes
SSLv3 handshakes 0 0
TLSv1 handshakes 0 0
TLSv1.1 handshakes 0 0
TLSv1.2 handshakes 0 137
DTLSv1 handshakes 0 0
Client Authentications
SSLv3 client authentications 0 0
TLSv1 client authentications 0 0
TLSv1.1 client authentications 0 0
TLSv1.2 client authentications 0 0
DTLSv1 client authentications 0 0
Authentications
RSA authentications 0 137
DH authentications 0 0
DSS authentications 0 0
ECDSA authentications 0 0
Null authentications 0 0
System Total
RSA key exchanges offloaded 0 0
RSA sign operations offloaded 0 0
DH key exchanges offloaded 19841 5481037
RC4 encryptions offloaded 0 0
DES encryptions offloaded 0 0
AES encryptions offloaded 0 0
AES-GCM 128-bit encryptions offl 0 0
AES-GCM 256-bit encryptions offl 0 0
Encryption/Decryption statistics
Crypto Operation Rate (bytes/s) Total Bytes
Bytes encrypted 12129801 27790903638
Bytes encrypted in hardware 12129801 27790903638
Bytes encrypted in software 0 0
Bytes encrypted on the front-end 5450907 13430410630
Bytes encrypted in hardware on t 5450907 13430410630
Bytes encrypted in software on t 0 0
Bytes encrypted on the back-end 6678894 14360493008
Bytes encrypted in hardware on t 6678894 14360493008
Bytes encrypted in software on t 0 0
Bytes decrypted 12449504 28029427518
Bytes decrypted in hardware 12449504 28029427518
Bytes decrypted in software 0 0
Bytes decrypted on the front-end 8190208 19876552670
Bytes decrypted in hardware on t 8190208 19876552670
Bytes decrypted in software on t 0 0
Bytes decrypted on the back-end 4259296 8152874848
Bytes decrypted in hardware on t 4259296 8152874848
Bytes decrypted in software on t 0 0
SSL
Rate (/s) Total
Total SPCB in use -87 84656
Active SSL sessions -30309 5615559
Current queue size -1 4153
CardQ
Rate (/s) Total
In Q count for current card -1 4153
In BulkQ count for current card 0 0
In KeyQ count for current card -1 4153
Done
<!--NeedCopy-->

Notas

  • Se admite la partición de administración, pero la utilización de todas las particiones se muestra en la partición predeterminada. En particiones no predeterminadas, estos valores se muestran como 0.
  • En una configuración de clúster, la dirección CLIP muestra el uso promedio de todos los nodos del clúster. Para un uso específico de un nodo, ejecute el comando en la CLI de cada nodo. Estos datos pueden ser incorrectos para una plataforma SDX si los nodos del clúster están alojados en el mismo hardware.
  • Para las instancias VPX en la plataforma SDX, se muestra el uso de cada instancia VPX.
Soporte para las plataformas basadas en chips Intel Coleto e Intel Lewisburg SSL