Support for Intel Coleto SSL chip based platforms

The following appliances ship with Intel Coleto chips:

  • MPX 5900
  • MPX/SDX 8900
  • MPX/SDX 15000
  • MPX/SDX 15000-50G
  • MPX/SDX 26000
  • MPX/SDX 26000-50S
  • MPX/SDX 26000-100G

Use the ‘show hardware’ command to identify whether your appliance has Coleto (COL) chips.

> sh hardware

    Platform: NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955 30010
    Manufactured on: 10/18/2016
    CPU: 2100MHZ
    Host Id: 0
    Serial no: CRAC5CR8UA
    Encoded serial no: CRAC5CR8UA
 Done
<!--NeedCopy-->

Note: Secure renegotiation is supported on the back end for these platforms.

Limitations:

  • DH 512 cipher is not supported.
  • SSLv3 protocol is not supported.
  • Hardware security module (HSM) is not supported.
  • GnuTLS is not supported.
  • ECDSA certificates with ECC curves P_224 and P521 are not supported (Not supported on platforms with Cavium chips also.)
  • DNSSEC offload is not supported.

View the SSL chip utilization on Citrix ADC MPX platforms

From release 13.0 build 47.x, you can view the SSL chip utilization on MPX platforms that ship with Intel Coleto chips. This feature is not supported on the SDX platform and on an MPX cluster.

At the command prompt, type:

> stat ssl


SSL Summary


# SSL cards present                                4

# SSL cards UP                                     4

SSL engine status                                  1

SSL sessions (Rate)                              0

SSL Crypto Utilization Asym (%)                    67

SSL Crypto Utilization Symm (%)                    19
<!--NeedCopy-->
Support for Intel Coleto SSL chip based platforms