Hello!
This might be a bit off-topic (but just a little bit), as my question is related to the performance of stunnel when used with haproxy.
First of all: Is haproxy + stunnel the most common technique for terminating ssl with haproxy? Is there a solution that's more common or even uncommon but performing better on a 99% ssl traffic loadbalancer?
We are currently terminating ssl via stunnel (4.27, ulimit -n 50000), handing the decrypted traffic over to haproxy 1.3.23 via 127.0.0.1. Haproxy is proxying the request to 2 other systems.
The loadbalancer is an Intel XeonDual Core E3110 with 4 GB RAM, so plenty of ressources for a system doing nothing else besides ssl termination / load balancing.
We are experiencing a limit of about 100 requests per second on the ssl path. Unencrypted direct connections to haproxy perform much better, of course, so I'm pretty sure haproxy is not a bottleneck.
Basically I'm interessted in getting feedback on how other people implement ssl termination on a haproxy system and if you're reaching a request rate higher than 100 req/s? This is why I didn't supply any configuration settings in this mail.
The stunnel config is very basic. We played around with the timeout values and ulimit values a bit, without any noticeable performance boost while the system was loaded.
The system load "idles" at around 0.11 most of the time.
Thanks in advance.
Best,
Michael Received on 2010/05/12 17:15
This archive was generated by hypermail 2.2.0 : 2010/05/12 17:30 CEST