Hi Martin,
On Mon, Dec 10, 2007 at 11:17:44PM -0500, Martin Goldman wrote:
> Hi Willy,
>
> So, I tried moving the proxy onto a separate server and ran the same test,
> and found that although the CPU load wasn't quite as severe, the performance
> wasn't really any better -- still about 9,000 requests/sec from the cluster,
> compared to 15,000 from each of the individual web servers.
Then there's a real problem. 9000 requests/s is approximately what I get on my notebook when I slow it down to 800 MHz in order to facilitate benchmarks.
> I re-read your message, and I must admit I'm having a bit of trouble
> following your math, but it sounds like you weren't particularly surprised
> by my results.
I was not surprized because it was an estimation of the performance you would get from associating two components on a single machine when you know the performance you achieve with only one component. Now, if haproxy alone is limited to 9000 hits/s, then there's a problem.
> I'm having a bit of trouble wrapping my head around the idea
> that haproxy should have trouble keeping up with the performance of apache
> -- is that what you're saying you'd expect?
No, quite the opposite. Till there, I've always observed haproxy being about 5 times faster than apache on the same machine. That's why I'm amazed.
> With regards to ip_conntrack, I've done some googling around, but am having
> trouble understanding figuring out just what it is. In any case, sysctl -a |
> grep ip_conntrack doesn't get me anything.
It is a linux kernel module, it assures the connection tracking for the netfilter firewall. You could see it by doing "lsmod". It has to internally create connections entries for each connection that enters the proxy and each connection that gets out of it. And since by defaults the hashes are very poor, it can take an awful lot of time for each connection.
Also, could you send the output of "haproxy -V" (and haproxy -vv if it's as recent as 1.3.14) ?
Please keep me updated, this is a problem which must be solved.
Cheers,
Willy
Received on 2007/12/11 07:13
This archive was generated by hypermail 2.2.0 : 2007/12/11 07:15 CET