Hi Willy,
Many thanks for your time and all the suggestions. This looks great.
I imagine we are going to try those and experiment for the next few days. I guess we'll hold off on the process binding in ssl_termination (2. below) for now as we were experimenting on Debian 7 (which has a slightly older kernel), apples-to-apples thing. Or rather, if I could say - we'll keep that for dessert :)
Will update on the results.
Thanks,
Eduard
2) you didn't specify any process binding in ssl_termination, so the
kernel wakes all processes with incoming connections, and a few of
them take some and the other ones go back to sleep. With a kernel
3.9 or later, you can multiply the "bind" lines and bind each of them
to a different process. The load will be much better distributed :
    listen ssl_termination
        bind 0.0.0.0:443 process 1 ssl crt /webapps/ssl/haproxy.new.crt ciphers AES-128-CBC:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM no-ssl3
        bind 0.0.0.0:443 process 2 ssl crt /webapps/ssl/haproxy.new.crt ciphers AES-128-CBC:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM no-ssl3
        ...
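The kernel 3.9 requirement in point 2 comes from the SO_REUSEPORT socket option, which lets every process own a separate listening socket on the same address so the kernel picks one socket per incoming connection. The sketch below is an added example, not part of the thread or of HAProxy's code; it assumes Linux, uses loopback and an ephemeral port instead of 0.0.0.0:443, and all function names are made up for illustration.

```python
import errno
import select
import socket

HOST = "127.0.0.1"  # assumption: loopback stand-in for the 0.0.0.0:443 bind lines

def listener(port, reuseport=True):
    """Open a listening socket the way one bound process would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuseport:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    try:
        s.bind((HOST, port))
    except OSError:
        s.close()
        raise
    s.listen(128)
    return s

def plain_bind_is_refused(port):
    """A socket that does not set SO_REUSEPORT cannot join the group."""
    try:
        listener(port, reuseport=False).close()
    except OSError as e:
        return e.errno == errno.EADDRINUSE
    return False

def spread(workers=2, connections=200):
    """Return (connections accepted per listener, plain bind refused?)."""
    first = listener(0)                      # kernel chooses a free port
    port = first.getsockname()[1]
    socks = [first] + [listener(port) for _ in range(workers - 1)]
    refused = plain_bind_is_refused(port)
    counts = [0] * workers
    for _ in range(connections):
        client = socket.create_connection((HOST, port))
        # Only the socket the kernel selected for this connection is readable.
        ready, _, _ = select.select(socks, [], [], 2.0)
        conn, _ = ready[0].accept()
        counts[socks.index(ready[0])] += 1
        conn.close()
        client.close()
    for s in socks:
        s.close()
    return counts, refused

if __name__ == "__main__":
    print(spread())
```

The kernel selects the socket by hashing the connection's addresses and ports, so the per-listener counts are roughly even over many connections rather than strictly alternating.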