Re: SSL hardware acceleration

2014-05-29 Thread Malcolm Turnbull
John-Paul, Nice to have some stats, thanks. However the most intensive CPU part of the SSL transaction on a load balancer is the handshake (that's why we measure TPS) and as far as I'm aware AES-NI is not used in the handshake? We don't use it in our product because we couldn't find any benefit.

Re: SSL hardware acceleration

2014-05-29 Thread Willy Tarreau
Hi Malcolm, On Thu, May 29, 2014 at 11:56:40AM -0400, Malcolm Turnbull wrote: John-Paul, Nice to have some stats, thanks. However the most intensive CPU part of the SSL transaction on a load balancer is the handshake (that's why we measure TPS) and as far as I'm aware AES-NI is not used

SSL hardware acceleration

2014-05-27 Thread Aristedes Maniatis
Without purchasing specific expensive add-on cards [1], is there something specific to some modern CPUs which will accelerate SSL handling in haproxy 1.5? That is, should I be looking for something in a CPU which will improve performance considerably? There is an Intel instruction set called

Re: SSL hardware acceleration

2014-05-27 Thread Baptiste
On Tue, May 27, 2014 at 9:34 AM, Aristedes Maniatis a...@ish.com.au wrote: Without purchasing specific expensive add-on cards [1], is there something specific to some modern CPUs which will accelerate SSL handling in haproxy 1.5? That is, should I be looking for something in a CPU which

Re: SSL hardware acceleration

2014-05-27 Thread John-Paul Bader
Hey Ari, if you use a recent Intel CPU with AES-NI support and OpenSSL 1.0.1, hardware acceleration will be used by default if you're using AES ciphers. You can benchmark the performance with and without hardware acceleration using these two commands: # without acceleration

Re: SSL hardware acceleration

2014-05-27 Thread William Attwood
With CPU details, do you know if virtualized CPUs offer this functionality? We're running a VMWare ESXi 5.5 installation with Intel Westmere CPUs. Thank you, William Attwood System Engineer, Co-Founder Open Box I.T. Solutions, LLC c. 801-634-6479 On Tue, May 27, 2014 at 2:59 AM, Lukas Tribus

Re: SSL hardware acceleration

2014-05-27 Thread Aristedes Maniatis
On 27/05/2014 6:59pm, Lukas Tribus wrote: Hi, Without purchasing specific expensive add-on cards [1], is there something specific to some modern CPUs which will accelerate SSL handling in haproxy 1.5? That is, should I be looking for something in a CPU which will improve performance

Re: SSL hardware acceleration

2014-05-27 Thread John-Paul Bader
Aristedes Maniatis wrote: On 27/05/2014 6:59pm, Lukas Tribus wrote: aesni_load=YES in loader.conf should take care of the AES side of things As far as I know you don't need to load the AES-NI extension on FreeBSD anymore, openssl will use acceleration without this statement in loader.conf.

Re: SSL hardware acceleration

2014-05-27 Thread John-Paul Bader
Here are some benchmarks with aes-256-cbc: ## OpenSSL 0.9.8 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 165967.40k 176138.69k 178376.08k 165082.46k 178232.41k ### OpenSSL 1.0.1 without AES-NI (without kernel extension loaded) 16 bytes 64 bytes 256 bytes 1024