Hi all,
Le 23/01/2016 08:18, Willy Tarreau a écrit :
Hi Gary,
On Fri, Jan 22, 2016 at 06:04:07PM -0800, Gary Barrueto wrote:
???Here is a small sample of what we've seen with a 1m payload.
cipher protocol mode reqs/sec reqs/sec % difference haproxy 1.5.14 haproxy 1.6.3
ECDHE-RSA-AES256-SHA384 TLS1.2 non-keepalive 208.92 184.25 -13.39%
ECDHE-RSA-AES256-SHA384 TLS1.2 keepalive 224.76 192.12 -16.99%
ECDHE-RSA-AES128-SHA256 TLS1.2 keepalive 174.91 159.67 -9.54%
ADH-AES128-SHA TLS1.1 keepalive 363.38 336.24 -8.07%
OK so in short, in the worst case the performance dropped from 2 Gbps
to 1.7 Gbps. That's particularly low for a multi-process config. The
typical performance you should get on AES256 and keep-alive is around
3-5 Gbps per core depending on the CPU's frequency.
Could you possibly run the same test in a single-process config ? Please
just run the ECDHE-RSA-AES256-SHA384-keepalive test since it's the most
visible one.
Also another test worth doing is to start a second load generator (I
don't know if you have another machine available) to ensure that in
no way there is anything in the middle limiting the performance,
including the load generator itself. Because quite frankly, these
numbers are suspiciously low. I've reached 19 Gbps of SSL traffic
in keep-alive with 1M objects on a quad-core. I'm not saying that
you should have seen 80 Gbps, but at least you should have seen
much more than 2 Gbps...
From my first tests, I can see a performance drop between commit
5506e3f8 and e583ea58 (before 1.6-dev1).
Here is the sample configuration I use :
global
tune.ssl.default-dh-param 2048
listen test
mode http
bind :9443 ssl crt localhost.pem
server s localhost:80
At commit 5506e3f8 (BUG/MINOR: stats: correctly set the request/response
analysers)
$ ab -n1000 -c1 -k https://127.0.0.1:9443/1mb
Time taken for tests: 2.403 seconds
Requests per second: 416.08 [#/sec] (mean)
The next commit (5be2f352 MAJOR: polling: centralize calls to I/O
callbacks) seems to break keep-alive, I can't test any commit until
e583ea58 where I have this result (still true with current 1.7 head) :
$ ab -n1000 -c1 -k https://127.0.0.1:9443/1mb
Time taken for tests: 2.933 second
Requests per second: 340.97 [#/sec] (mean)
--
Cyril Bonté
