Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Unix socket performance numbers
Hello Greg,

Can you shed any light on why HAProxy is so much faster than Jetty in handling SSL?

We currently run a multi-tenant system as a cluster of standalone (embedded) Jetty instances. We use Jetty as Servlet container but all static content is served by Jetty as well. And since the SNI facility became available we have been using Jetty to do all the SSL handling as well.

To be honest I am really satisfied with our current setup and very impressed with how Jetty handles itself under load. But if there are significant advantages to different setups than maybe we should reconsider.

Does the picture change if we are talking about more than just small fixed content?

Thanks in advance,

Silvio



On 11/19/2015 01:11 PM, Greg Wilkins wrote:

Simone

I'm testing all 4 possibilities. The 30% slow down is from clear text direct to jetty verses clear text proxied to jetty.  No ssl. That makes sense to me as the proxy requires handling by 2 processes with the same cpu available.

The 100% improvement is comparing direct ssl with proxied+offloaded ssl. It shows the ssl performance gains are more than enough to compensate for the costs of proxying.

On 19 Nov 2015 8:17 pm, "Simone Bordet" <sbordet@xxxxxxxxxxx> wrote:
Greg,

On Thu, Nov 19, 2015 at 6:09 AM, Greg Wilkins <gregw@xxxxxxxxxxx> wrote:
>
>
> So here are some numbers using ab with keep alive option:
>
> HTTP :8080  98634.66 [#/sec] 117224.98 [Kbytes/sec]
> HTTP :8888  67073.40 [#/sec]  79715.16 [Kbytes/sec]
> HTTPS:8443  23622.46 [#/sec]  28074.74 [Kbytes/sec]
> HTTPS:8843  52365.51 [#/sec]  62235.18 [Kbytes/sec]

Uhm.

Proxying via HAProxy seem to slow down clear-text HTTP by 30%. That
seems *a lot* to me.

Are you offloading TLS at HAProxy and then forwarding the clear-text
bytes to backend ?
So the TLS numbers are actually measuring the difference in TLS
implementations ?

If you're not offloading TLS at HAProxy, then how come passing raw
bytes to the backend yields such a difference (lose 30% for clear-text
bytes, *gain* 100% for encrypted bytes) ?

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top