Hi Jarno,
yes we are decrypting TLS on the frontend (official SSL-certificate) and
re-encrypt it before sending it to the backend (company policy so not
that easy to change it to an unencrypted connection). The CPU usage is
not higher than 15-20% even during peak times and the memory usage is
also quite low (200-800MB).
Regards,
Daniel
Am 21.06.17 um 10:00 schrieb Jarno Huuskonen:
Hi,
On Wed, Jun 21, Daniel Heitepriem wrote:
we got a problem recently which we can't explain to ourself. We got
a java application (Tomcat WAR-File) which has to handle several
million of requests per day and several thousand requests per second
during peak times. Due to this high amount we are splitting traffic
using an ACL in "booking traffic" and "availability traffic".
Booking traffic is negligible but the Availability traffic is
load-balanced over several application servers. The problem that
occurs is that our external partner "floods" the
Availability-Frontend with several thousand requests per second and
the backend becomes unresponsive. If we redirect them directly to
Looks like you're decrypting tls/ssl on frontend and then
re-encrypting on backend/server. Is one core(you're not using nbproc?)
able to handle thousand ssl requests coming in and going out ?
(is haproxy process using 100% cpu).
-Jarno
