With CPU details, do you know if virtualized CPU's offer this functionality? We're running a VMWare ESXi 5.5 installation with Intel Westmere CPU's.
Thank you, William Attwood System Engineer, Co-Founder Open Box I.T. Solutions, LLC c. 801-634-6479 On Tue, May 27, 2014 at 2:59 AM, Lukas Tribus <[email protected]> wrote: > Hi, > > > > Without purchasing specific expensive add-on cards [1], is there > > something specific to some modern CPUs which will accelerate SSL > > handling in haproxy 1.5? > > > > That is, should I be looking for something in a CPU which will > > improve performance considerably? There is an Intel instruction > > set called AES-NI but I don't know if that applies to HTTPS# > > traffic. As I understand, the initial negotiation in SSL is rsa/dsa > > but then the payload is transported using symmetric key encryption > > (like AES?). > > > > I'm only looking to handle about 50Mb/s of SSL traffic, so I'm not > > aiming very high. But it would be nice to know the headroom is there. > > Bandwidth is not really the limiting factor, handshakes per second is. > AES-NI gives you a nice performance boost but doesn't help with handshakes > afaik. > > Whats important, among other points, is having enough entropy, and the > RDRAND > feature of modern CPUs can help you there (if you trust your CPU vendor). > > Otherwise, there some software projects like haveged or audio entropy > daemon > that can feed random data in the kernel. > > > Keep-alive and session id resumption are very important features to scale > a SSL enabled site, so double check that those things are working properly. > > > > > Regards, > > Lukas > > >
