On Mon, Feb 9, 2015 at 9:50 PM, Shawn Heisey <[email protected]> wrote: > On 2/9/2015 1:08 PM, Baptiste wrote: >> could you define what you mean by "heavy" ? >> What type of web application do you host? >> How many req / conn per second do you expect? >> >> When doing SSL, the CPU is not enough, the memory also matters. > > I would plan on 16 or 32GB of RAM for the machine, more if you think it > would be necessary. > > I really don't know what my request rate will be. Most of our traffic > doesn't go through haproxy yet, it is being handled as TCP redirection > by the Linux virtual server. > > One of our busier sites (not currently SSL) is being handled by haproxy. > With an uptime of 24 days, haproxy says that the front-end max request > rate is 238. The max request rates on the three back end servers are > 245, 137, and 197. > > Now I'm going to toss around some numbers randomly in an attempt to > guess, and I expect these estimates to be quite a lot higher than reality: > > For planning purposes, let's imagine that we'll eventually see a normal > traffic rate ten times as high as we see currently on that one site, all > of which will be encrypted to the Internet, with at about a third of it > also encrypted on the back end. Paranoid customers are SO MUCH FUN. > > For capacity planning purposes, let's say that peak traffic could be two > or three times that. > > What kind of hardware and haproxy config would do that? > > Thanks, > Shawn > >
Hi Shawn, A single CPU core (choose the fastest one with AESNI enabled) can easily handle you current traffic and meet also the requirements of your capacity planning. >From a memory point of view, 16G sounds more than enough for your traffic expectation. To get some configuration tips, you can browse http://fr.slideshare.net/ssl247/webinar-ssl-en from slide 18th for HAProxy tips (that said, many useful information in the slide before). Baptiste
