All: We have been using Pound as part of another Open source project (Zen LB) for almost two years. Recently, we disabled SSLv3 in v2.6 and are now experiencing problems with SSL connections. I'm not sure if the two are directly related but I have not been able to find any other likely cause.
We have a student population of approximately 13k and we are in the midst of our registration process -- a two week event with select groups allowed to register at 9:00am and 1:00pm. All of our links up to this point we're SSL offloaded by pound. I used the Apache Benchmarking utility to test our performance and we're able to push through 5k requests with a concurrency of fifty and there was no problem, but the system stops servicing requests after there are several hundred WAIT requests under real world conditions. We've found many of the latent WAITS are for Wireless and WAN connections. The system has several other SSL farms servicing other requests on other ports without problems, access to the system is not inhibited, we just not able to connect to port 443 and route traffic to our back-end servers when the backlog is high. The system was also tweaked -- we increased somaxcon and tcp_max_syn_backlog along with file-max and many other kernel options to fix the problem but have not been able to solve it. So, can this be related to Pound? or is it likely another issue completely. Any help on this would be most welcomed. Thanks, -Jeff -- Jeffrey Ramsay Assistant Director Enterprise Software Infrastructure and Technical Planning Binghamton University http://www.binghamton.edu
