What are the ONTAP KTLS handshake limits
Applies to
- ONTAP 9.13.1 and higher
- KTLS
Answer
- For ONTAP 9.13.1 and higher, KTLS handshake limits are based on the number of CPU cores.
- ONTAP 9.17.1 added a second queue, the deferral (pending request) queue, effectively doubling the size of the handshake limits for applications.
| Number of CPU Cores | 9.13.1 Concurrent Handshake Limit | 9.16.1 Concurrent Handshake Limit | 9.17.1 Concurrent Handshake Limit | 9.17.1 Deferral Queue | 9.17.1 Total Effective Limit |
|---|---|---|---|---|---|
| 1-2 | 50 | 50 | 50 | 50 | 100 |
| 3-6 | 90 | 90 | 90 | 90 | 180 |
| 7-14 | 130 | 130 | 130 | 130 | 260 |
| 15-30 | 170 | 170 | 170 | 170 | 340 |
| 31-62 | 210 | 210 | 210 | 210 | 420 |
| 63-126 | 250 | 250 | 250 | 250 | 500 |
| 127-254 | Not supported | 290 | 290 | 290 | 580 |
Additional Information
- Starting in ONTAP 9.16.x, there is a new handshake deferral feature where, at the moment, the limit at which ONTAP will start to abort handshakes is effectively increased by a factor of 4.
- Specifically, the handshake deferral queue size defaults to 3 times the concurrent handshake limit.
- ONTAP 9.16.x also has a much faster handshake control plane, which will support more concurrent handshakes across the board.
- KB: ONTAP reached the maximum limit of 290 concurrent TLS connection handshakes
