Hi Aleks,
On 2016-03-16 15:57, Aleksandar Lazic wrote:
Hi.
Am 16-03-2016 15:17, schrieb Christian Ruppert:
Hi,
this is rather HAProxy unrelated so more a general problem but
anyway..
I did some tests with SSL vs. non-SSL performance and I wanted to
share my
results with you guys but also trying to solve the actual problem
So here is what I did:
[snipp]
A test without SSL, using "ab":
# ab -k -n 5000 -c 250 http://127.0.0.1:65410/
[snipp]
That's much worse than I expected it to be. ~144 requests per second
instead of
42*k*. That's more than 99% performance drop. The cipher a moderate
but secure
(for now), I doubt that changing the cipher will help a lot here.
nginx and HAProxy
performance is almost equal so it's not a problem with the server
software.
One could increase nbproc (at least in my case it only increased up to
nbproc 4,
Xeon E3-1281 v3) but that's just a rather minor enhancement. With
those ~144 r/s
you're basically lost when being under attack. How did you guys solve
this problem?
External SSL offloading, using hardware crypto foo, special
cipher/settings tuning,
simply *much* more hardware or not yet at all?
You run both client & server on the same machine
Maybe you are running out of entropy?
Are you able to run the client on a different machine?
BR Aleks
I also ran 2 parallel "ab" on two separate machines against a third one.
The requests per second were around ~70 r/s per host instead of ~140. So
I doubt it's a entropy problem.
--
Regards,
Christian Ruppert
