NGINX Applications Offload

Leadership Performance Using proven TCP/IP Offload Engine (TOE) with Inline TLS/SSL Acceleration

Importance of TLS Protocol

Transport Layer Security (TLS) is the most widely used security protocol for encrypting traffic on the Internet and without doubt is the backbone of Internet security today. It protects HTTP websites, emails, and other data exchanged between web browsers and servers, ensuring that no one can eavesdrop or tamper with communications. TLS is used by all of today’s modern browsers, and many online services expect clients to be able to use it before doing business with them.

The primary aim of TLS is to provide privacy, integrity, and authenticity, using certificates, between clients and servers. TLS typically runs in the application layer and is computationally intensive due to the costly Public Key Exchange (PKE) calculations involved. The performance of TLS connections is influenced by network latency and bandwidth, as well as by key size, algorithm, and cipher suite.

Chelsio T6 Crypto Offload

Chelsio Terminator 6 (T6) ASIC and SmartNIC products offer highly integrated, hyper-virtualized 10/25/40/50/100GbE solutions with inline TLS/SSL cryptographic functions that utilize the built-in TCP/IP offload engine (TOE) to encrypt/decrypt data at 10/25/40/50/100GbE rates. Specifically, the inline mode performs TCP/IP processing and TLS/SSL AES/SHA processing in cut-through fashion to achieve optimal bandwidth and latency. T6 supports all the popular AES/SHA cipher suites in TLS/SSL inline mode with up to 100Gbps bandwidth and less than 2ms end-to-end latency. T6 adapters support up to 32K simultaneous TLS sessions.

NGINX Web Server/Proxy/Load Balancer

NGINX is a lightweight, high-performance HTTP and reverse proxy/web server released under a Berkeley Software Distribution (BSD)-like license. It also provides the following services:

  • Internet Message Access Protocol (IMAP)
  • Post Office Protocol Version 3 (POP3)
  • Simple Mail Transfer Protocol (SMTP)

The NGINX architecture is very flexible, with a small and simple kernel surrounded by core modules, basic modules, and third-party modules. It collaborates with modules through file static mapping and configurable instructions, offering significant advantages in performance, concurrency, and memory usage in various application scenarios such as HTTP proxy, static and dynamic separation, load balancing, virtual host, reverse proxy, cache acceleration, authorized access, and others.

NGINX is commonly used to terminate encrypted SSL and TLS connections on behalf of upstream web and application servers. SSL termination at the edge of an application reduces the load on internal servers, simplifies certificate management and reduces certificate costs. However, because it is extremely CPU-intensive, it can create a scalability bottleneck that may limit growth.

NGINX Plus, offered by F5 NGINX, extends NGINX Open Source with advanced functionality and award-winning support, providing customers with a complete application delivery solution. NGINX Plus combines a load balancer, content cache, web server, security controls, and rich application monitoring and management into one easy-to-use software package.

Chelsio T6 Performance Advantage for offloading NGINX Applications

The Chelsio T6 family provides significant performance, CPU utilization and TCO benefits for NGINX applications when utilizing inline TLS/SSL offload and TOE capabilities, compared to SSL and TCP/IP processing being performed on the server. CPU performance is delivered using a mainstream release of OpenSSL and extensions to NGINX that allow asynchronous processing of TLS handshake operations by plugging hardware-based cryptographic implementations into OpenSSL through a standard provider/engine.