On Wed, Nov 17, 2010 at 09:46:05AM -0500, John Marrett wrote:
Bedis,
Cause using the cores to decrypt traffic would reduce drastically
overall performance.
Well, this is what we saw on our HTTP cache server (running CentOS) on
8 cores hardware: when enabling SSL, the performance were so
Here's an interesting blog post by a Google engineer about how they
rolled out SSL for many of their services with very little additional
CPU and network overhead. Specifically, he claims that
On our production frontend machines, SSL/TLS accounts for less than
1% of the CPU load, less than 10KB
Bedis,
Cause using the cores to decrypt traffic would reduce drastically
overall performance.
Well, this is what we saw on our HTTP cache server (running CentOS) on
8 cores hardware: when enabling SSL, the performance were so bad that
So we kept our old Nortel vpn 3050 to handle the SSL
Hi John,
Without entering too much in details, we have a mutualized reverse
proxy cache platform in order to accelerate HTTP content (you can call
it CDN ;) ) on which we use an HTTP reverse proxy caches coded by a
third party company.
The reverse proxy software run over a centos linux and has a
Bedis,
At that kind of connection volume (I assume that your 20k/s includes a
certain quantity of keepalive, but a large volume of new connections as
well) I'm not that surprised that you needed dedicated hardware. That
said, I wouldn't expect the load to necessarily be that bad. I have
little
I wish I could use OpenSource solution.
But my company refused so I had to follow their requirements
(actually, the requirement was to use this specific software :D)
and yes, our oldies do their job on SSL :)
(If it works, don't fix it!!!)
On Wed, Nov 17, 2010 at 5:05 PM, John Marrett
You might take a look at one of these:
http://www.caviumnetworks.com/processor_security_nitroxLite.htm
They ship a modified OpenSSL stack to take advantage of the card. Cavium is
what's inside most of the commercial load balancers...including I believe F5.
-J
Sent via iPhone
Is your e-mail
Hello,
On Sun, Nov 07, 2010 at 04:15:18PM +0100, Sebastien Estienne wrote:
Hello,
Is there any news about SSL support?
Yes there are some news, we'll have to work on it at Exceliance.
With current server's hardware having 8 cores or more, offering SSL is
quite cheap.
Hehe one thing at a
Le 16 nov. 2010 à 12:27, Willy Tarreau w...@1wt.eu a écrit :
Hello,
On Sun, Nov 07, 2010 at 04:15:18PM +0100, Sebastien Estienne wrote:
Hello,
Is there any news about SSL support?
Yes there are some news, we'll have to work on it at Exceliance.
this is great news, any early timeframe
On Tue, Nov 16, 2010 at 01:03:01PM +0100, Sebastien Estienne wrote:
Le 16 nov. 2010 à 12:27, Willy Tarreau w...@1wt.eu a écrit :
Hello,
On Sun, Nov 07, 2010 at 04:15:18PM +0100, Sebastien Estienne wrote:
Hello,
Is there any news about SSL support?
Yes there are some news,
10 matches
Mail list logo