Hello Greg,
Can you shed any light on why HAProxy is so much faster than Jetty in
handling SSL?
We currently run a multi-tenant system as a cluster of standalone
(embedded) Jetty instances. We use Jetty as Servlet container but all
static content is served by Jetty as well. And since the SNI facility
became available we have been using Jetty to do all the SSL handling as
well.
To be honest I am really satisfied with our current setup and very
impressed with how Jetty handles itself under load. But if there are
significant advantages to different setups than maybe we should reconsider.
Does the picture change if we are talking about more than just small
fixed content?
Thanks in advance,
Silvio
On 11/19/2015 01:11 PM, Greg Wilkins wrote:
Simone
I'm testing all 4 possibilities. The 30% slow down is from clear text
direct to jetty verses clear text proxied to jetty. No ssl. That
makes sense to me as the proxy requires handling by 2 processes with
the same cpu available.
The 100% improvement is comparing direct ssl with proxied+offloaded
ssl. It shows the ssl performance gains are more than enough to
compensate for the costs of proxying.
On 19 Nov 2015 8:17 pm, "Simone Bordet" <[email protected]
<mailto:[email protected]>> wrote:
Greg,
On Thu, Nov 19, 2015 at 6:09 AM, Greg Wilkins <[email protected]
<mailto:[email protected]>> wrote:
>
>
> So here are some numbers using ab with keep alive option:
>
> HTTP :8080 98634.66 [#/sec] 117224.98 [Kbytes/sec]
> HTTP :8888 67073.40 [#/sec] 79715.16 [Kbytes/sec]
> HTTPS:8443 23622.46 [#/sec] 28074.74 [Kbytes/sec]
> HTTPS:8843 52365.51 [#/sec] 62235.18 [Kbytes/sec]
Uhm.
Proxying via HAProxy seem to slow down clear-text HTTP by 30%. That
seems *a lot* to me.
Are you offloading TLS at HAProxy and then forwarding the clear-text
bytes to backend ?
So the TLS numbers are actually measuring the difference in TLS
implementations ?
If you're not offloading TLS at HAProxy, then how come passing raw
bytes to the backend yields such a difference (lose 30% for clear-text
bytes, *gain* 100% for encrypted bytes) ?
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[email protected] <mailto:[email protected]>
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
