On 21 Jun 2017 6:11 pm, "Daniel Heitepriem" <[email protected]> wrote:
Hi Jarno, yes we are decrypting TLS on the frontend (official SSL-certificate) and re-encrypt it before sending it to the backend (company policy so not that easy to change it to an unencrypted connection). The CPU usage is not higher than 15-20% even during peak times and the memory usage is also quite low (200-800MB). Regards, Daniel Am 21.06.17 um 10:00 schrieb Jarno Huuskonen: Hi, > > On Wed, Jun 21, Daniel Heitepriem wrote: > >> we got a problem recently which we can't explain to ourself. We got >> a java application (Tomcat WAR-File) which has to handle several >> million of requests per day and several thousand requests per second >> during peak times. Due to this high amount we are splitting traffic >> using an ACL in "booking traffic" and "availability traffic". >> Booking traffic is negligible but the Availability traffic is >> load-balanced over several application servers. The problem that >> occurs is that our external partner "floods" the >> Availability-Frontend with several thousand requests per second and >> the backend becomes unresponsive. If we redirect them directly to >> > Looks like you're decrypting tls/ssl on frontend and then > re-encrypting on backend/server. Is one core(you're not using nbproc?) > able to handle thousand ssl requests coming in and going out ? > (is haproxy process using 100% cpu). > > -Jarno > > What do you see in the haproxy log when the problem happens?
