I have an existing load balancer installation that I have been slowly migrating from IPVS to haproxy. It's CentOS 6, so many components are out of date, such as TLS support.
Once that migration is done, I would like to entirely replace the hardware and load an ideal software environment for haproxy. The new machines have Ubuntu 14, so the openssl version is fairly new, but not the newest available. The CPU is an Intel Xeon E5-2430, which has built-in TLS acceleration. It has 16GB of memory. The machine is dedicated for load balancing. How can I be sure that openssl is compiled with support for TLS acceleration in the CPU? I am compiling haproxy from source. Would you recommend that I install a separate and newer openssl from source for explicit use with haproxy, and tweak its config for the specific hardware it's on? The CPU has 6 hyperthreaded CPU cores. I know that haproxy can be run in multiprocess mode to take advantage of multiple CPU cores, but is that a recommended and stable config? If it is, then I will do it just so I'm taking full advantage of the hardware. I know from the list history that stats don't aggregate across processes, but as long as I can figure out how to look at all the stats, that shouldn't be a problem. Is there anything else I should be aware of or think about as I work on the OS and software for this replacement hardware? Thanks, Shawn
