On Wed, Jun 25, 2008 at 02:38:15PM +0800, Jeffrey 'jf' Lim wrote:
> On Wed, Jun 25, 2008 at 12:57 PM, Willy Tarreau <w#1wt.eu> wrote:
>
> > Hi JF,
> >
> > On Fri, Jun 20, 2008 at 04:09:41PM +0800, Jeffrey 'jf' Lim wrote:
> > > hi guys, I'm sort of looking into using haproxy, but with cttproxy in
> > > order to get the lb to be in front of the machines that are going to
> > > be load-balanced. Havent done too much testing yet, but I saw an old
> > > post that claims that the patch drops performance by about 30%, and
> > > was wondering if the list was getting the same thing, or if the
> > > performance has changed a fair bit in recent years. Could somebody
> > > provide some much appreciated feedback regarding updated versions of
> > > the patch + kernel?
> > >
> >
> > It's not cttproxy per-se which causes the performance drop, but
> > ip_conntrack.
> > If you already have ip_conntrack loaded and are satisfied with the
> > performance,
> > then you shouldn't worry. But if you currently don't use ip_conntrack on
> > the
> > machine, then you may have a big surprize after loading it :-/
> >
>
> ok, thanks for clarifying. As far as I know, ip_conntrack would only be used
> for the MASQUERADE target, right? If i need tproxy (= renamed cttproxy???),
> I wouldnt need to care, right?
I *believe* that tproxy v4 does not need ip_conntrack while cttproxy (v2) needed it. But I may be wrong. Anyway, if you still have ip_conntrack loaded for MASQUERADE, then it's still here eating your CPU cycles and memory, no matter if you use it or not.
Willy Received on 2008/06/25 11:42
This archive was generated by hypermail 2.2.0 : 2008/06/25 11:45 CEST