On 5/29/23 01:43, Aleksandar Lazic wrote:
HAProxies FE => HAProxies BE => Destination Servers
Where the Destination Servers are also HAProxies which just returns a
static content or any high performance low latency HTTPS Server.
With such a Setup can you test also the Client mode of the OpenSSL.
Oops. Mistype sent that message before I could finish it.
Interesting idea.
I set up haproxy on raspberry pi and configured it to serve a static web
page with https. Running the same version of haproxy on both the main
server and the raspi, running with the same version of quictls.
https://raspi1.elyograg.org
Side note: compiling and installing quictls and haproxy is a lot slower
on a raspberry pi than on a dell server. 84 seconds on the dell server
and 2591 seconds on the pi. Make gets 12 threads on the server, 2 on
the pi ... I give it half of the physical core count, rounded up to 2.
It took a while to get this info due to the slow compile speeds on the
pi. I wish build systems could give me an accurate estimate of how far
done the build is. The quictls one doesn't say ANYTHING.
The requests are taking more time in general. This is due to another
round trip (including TLS) from the server to the raspberry pi that did
not occur before. With the other URL, it was forwarding to Apache on
the same server, port 81 without TLS.
I still wouldn't call it a smoking gun, but this test shows evidence of
1.1 handling the concurrency better than 3.0.
1.1.1t:
20:31:21.177 [main] INFO o.e.t.h.MainSSLTest Count 24000 310.31/s
20:31:21.177 [main] INFO o.e.t.h.MainSSLTest 10th % 53 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest 25th % 60 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest Median 69 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest 75th % 81 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest 95th % 125 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest 99th % 163 ms
20:31:21.178 [main] INFO o.e.t.h.MainSSLTest 99.9 % 633 ms
3.0.8:
19:22:12.281 [main] INFO o.e.t.h.MainSSLTest Count 24000 290.48/s
19:22:12.281 [main] INFO o.e.t.h.MainSSLTest 10th % 59 ms
19:22:12.281 [main] INFO o.e.t.h.MainSSLTest 25th % 66 ms
19:22:12.282 [main] INFO o.e.t.h.MainSSLTest Median 75 ms
19:22:12.282 [main] INFO o.e.t.h.MainSSLTest 75th % 87 ms
19:22:12.282 [main] INFO o.e.t.h.MainSSLTest 95th % 123 ms
19:22:12.282 [main] INFO o.e.t.h.MainSSLTest 99th % 161 ms
19:22:12.282 [main] INFO o.e.t.h.MainSSLTest 99.9 % 1004 ms
3.1.0+locks:
The quictls compile failed on the pi. So I couldn't test this one. I
suppose I could have done it without TLS, but I didn't do that. Here's
the log from the compile:
/usr/bin/ld: unknown architecture of input file
`libcrypto.a(libdefault-lib-pbkdf2_fips.o)' is incompatible with aarch64
output
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:22146: fuzz/cmp-test] Error 1
make[1]: *** Waiting for unfinished jobs....
/usr/bin/ld: unknown architecture of input file
`libcrypto.a(libdefault-lib-pbkdf2_fips.o)' is incompatible with aarch64
output
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:22270: fuzz/punycode-test] Error 1
make: *** [Makefile:3278: build_sw] Error 2
I wonder why that happened. 1.1.1t and 3.0.8 compiled just fine. All
three work on x86_64.
I should set up my third server to serve the static page from haproxy.
It's x86_64. Maybe when I find all that free time I am looking for!
Slightly interesting detail, not sure what it means: The backend for
haproxy on the pi shows L6OK on the stats page instead of L7OK like all
the other backends.
Thanks,
Shawn
