Hi,
> You've got me thinking that maybe I'm going about this wrong and should > focus on using a single instance, with a corosync/pacemaker standby. I > hadn't done the calculations before, assuming I'd need more than one > instance, but now I see that about 7.5GB of RAM should handle 300,000 > connections, based on some load testing we've done before. I can spin an > instance with several times that, so that should work. I guess I had some > http load balancing stuck in my head, because we got much lower numbers > for that, as expected. Yeah, I think if you play with some numbers you will find a configuration that works for you. On the software/config side just remember to run a recent linux kernel, use tcp splicing, don't use conntrack. Of course also run a recent haproxy build. On the hardware side, I think the NIC choice is most important (also see the "Suggested 10GB card?" thread). > if there is a temporary break in persistence specifically from a server > being added/removed -- it's not the end of the world. You can use the ssl session id to make it persistent anyway: http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/ That way, when a server is added or removed, clients on unaffected servers maintain their affinity. Also you can sync that stick table to your standby haproxy box, so in case there is a failover on the proxy, that data in that table survives (otherwise all clients need to renegotiate the SSL session at once, which will kill the CPU again on your backends). Regards, Lukas
