Hi.
Am 16-03-2016 15:17, schrieb Christian Ruppert:
Hi,
this is rather HAProxy unrelated so more a general problem but anyway..
I did some tests with SSL vs. non-SSL performance and I wanted to share
my
results with you guys but also trying to solve the actual problem
So here is what I did:
[snipp]
A test without SSL, using "ab":
# ab -k -n 5000 -c 250 http://127.0.0.1:65410/
[snipp]
That's much worse than I expected it to be. ~144 requests per second
instead of
42*k*. That's more than 99% performance drop. The cipher a moderate but
secure
(for now), I doubt that changing the cipher will help a lot here.
nginx and HAProxy
performance is almost equal so it's not a problem with the server
software.
One could increase nbproc (at least in my case it only increased up to
nbproc 4,
Xeon E3-1281 v3) but that's just a rather minor enhancement. With those
~144 r/s
you're basically lost when being under attack. How did you guys solve
this problem?
External SSL offloading, using hardware crypto foo, special
cipher/settings tuning,
simply *much* more hardware or not yet at all?
You run both client & server on the same machine
Maybe you are running out of entropy?
Are you able to run the client on a different machine?
BR Aleks
