I've been testing ssl with version 1.5.14 and 1.6.3. I noticed that with larger files (1mb) reqs/sec is on average 7% slower and as much as 16% depending on the cipher when using version 1.6.3 compared to 1.5.14. Smaller requests (4k files) are not affected. Haproxy is using the exact same config for each version and is using nginx on localhost to serve the static files. We're getting our stats from running wrk benchmark tool which is running from another server with the same hardware spec which is connected on the same switch. Any ideas what may be causing this?
I have the 'haproxy -vv' output and hardware specs listed below. Also
attaching the haproxy/nginx configs being used.
Other then that version 1.6.3 seems to be preforming well on smaller
requests. Its the larger requests we're worried about as thats the size of
the majority of the traffic we want on ssl.
-gary
==
gary:~/scripts$ ./haproxy-1.5.14 -vv
HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1 14 Mar 2012
Running on OpenSSL version : OpenSSL 1.0.1 14 Mar 2012
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
==
gary:~/scripts$ ./haproxy-1.6.3 -vv
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1 14 Mar 2012
Running on OpenSSL version : OpenSSL 1.0.1 14 Mar 2012
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
==
gary@:~/scripts$ sudo facter processorcount processor0
physicalprocessorcount bond0_speed eth0_speed eth3_speed memorysize
lsbdistdescription kernelrelease
bond0_speed => 20000
eth0_speed => 10000
eth3_speed => 10000
kernelrelease => 3.2.0-94-generic
lsbdistdescription => Ubuntu 12.04.5 LTS
memorysize => 31.39 GB
physicalprocessorcount => 2
processor0 => Intel(R) Xeon(R) CPU E5-2650L v2 @ 1.70GHz
processorcount => 40
nginx.conf
Description: Binary data
haproxyssl.conf
Description: Binary data
