Bank Keeps Hardware Vendors Honest

Case Study: Spirent tools help National City get online performance at levels promised.

IT managers often wish they could confront hardware vendors about overly optimistic performance claims. At National City Corp., they did just that.

Three years ago, National City, one of the nation's 10 largest banks, began using testing tools from Spirent Communications Inc. to validate the performance of its switches and routers—then took the switch and router vendor to task when its products' actual performance didn't jibe with the company's claims.

"I'm pretty sure a product is not going to perform at the level a vendor claims, but I expect the equipment to perform at least around 60 percent of their claims," said Tuan Pham, senior network consultant at National City, based in Cleveland. "We were easily able to validate the performance and discover bottlenecks in our infrastructure using the testing appliances."

National City operates about 1,150 bank branches in Illinois, Indiana, Kentucky, Michigan, Missouri, Ohio and Pennsylvania. It also offers asset management, consumer finance, mortgage banking and leasing to millions of customers through its e-commerce site.

When National City's IT managers began to upgrade the bank's e-commerce infrastructure three years ago, they purchased Spirent's Avalanche load-testing appliance and Reflector capacity assessment appliance to ensure transactions would be conducted with ease, speed and accuracy on the new infrastructure.

National City tested both Web and SSL (Secure Sockets Layer) traffic to determine performance levels, identify potential bottlenecks and predict user experience. IT managers used a variety of traffic profiles and transaction categories (transactions per second, new TCP connections per second, unique hits per second and number of users) to simulate traffic in the 90M-bps range.

The bank's IT department gauged what the user experience would be like if 10,000 users showed up simultaneously and whether that experience would change if the number were increased to 20,000.

In the National City network, SSL traffic is separated from nonsecure HTTP traffic at the firewall. SSL traffic must be load-balanced across SSL termination devices, where it is converted to HTTP and then forwarded to Web and application servers. Traffic on those servers is load-balanced separately.

National City installed pairs of Avalanche and Reflector appliances between the SSL termination devices and the Web servers and between the Web and application servers. The systems were then configured to mimic different usage scenarios.

Before testing, IT managers expected to encounter a performance bottleneck in the load balancing equipment, but they found the load balancers performed as promised. The bottleneck, they eventually discovered, was in the SSL termination device.

The SSL termination device converted user traffic to HTTP 1.0 and then created a new TCP connection for every transaction request, so the number of TCP connections per second received by the load balancers was significantly higher than expected. In fact, testing allowed Pham and his colleagues to determine that the bank's SSL termination device was actually performing at less than 10 percent of the vendor's claims. (Pham declined to name the vendor.) After confronting the vendor, National City was given newer equipment that performed up to the vendor's original claims.
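The connection pattern described above, measured on a loopback server as an added example (not from the article and not Spirent's tooling): the `CountingHandler` server and `count_connections` helper are hypothetical stand-ins for the Web tier behind the SSL termination device, and the sketch counts how many TCP connections the back end accepts when every request opens its own connection versus reusing one.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class CountingHandler(BaseHTTPRequestHandler):
    """Stand-in back end (assumption) that counts accepted TCP connections."""
    protocol_version = "HTTP/1.1"  # permit keep-alive when the client asks for it
    connections = 0
    lock = threading.Lock()

    def setup(self):
        # setup() runs once per accepted TCP connection, not once per request.
        with CountingHandler.lock:
            CountingHandler.connections += 1
        super().setup()

    def do_GET(self):
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))  # needed for reuse
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the run quiet


def count_connections(requests, persistent):
    """Send `requests` GETs; return how many TCP connections the server saw."""
    CountingHandler.connections = 0
    server = ThreadingHTTPServer(("127.0.0.1", 0), CountingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    conn = None
    try:
        for _ in range(requests):
            if conn is None:
                conn = http.client.HTTPConnection(host, port, timeout=5)
            # Non-persistent mode mimics one connection per transaction.
            headers = {} if persistent else {"Connection": "close"}
            conn.request("GET", "/", headers=headers)
            conn.getresponse().read()
            if not persistent:
                conn.close()
                conn = None
    finally:
        if conn is not None:
            conn.close()
        server.shutdown()
        server.server_close()
    return CountingHandler.connections
```

With the same request count, the per-transaction mode makes the back end's new-connections-per-second figure equal to its transactions-per-second figure, which is the metric to compare against a device's rated connection setup rate.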

Pham is planning another upgrade to his infrastructure to support the increasing number of connections, and he said he will use the Spirent tools to test and verify equipment from F5 Networks Inc. and Cisco Systems Inc. (Neither vendor provided the underperforming SSL termination device.) This time around, Pham wants to certify the new equipment to ensure it can handle at least 200MB-per-second throughput and at least five to six new connections per second.

Pham said he expects to begin testing the F5 and Cisco equipment in a few months, with a gradual rollout planned for year's end.

"Avalanche and Reflector allow us to confront our vendors when we find their equipment is not functioning at the level they have committed to," Pham said. "When you need to keep a site up 24 hours a day, being able to validate performance is great."

Senior Writer Anne Chen can be reached at

