Haproxy not using full server resources for ssl offload

@moses wrote:

i have a haproxy setup on a virtual machine using kvm with 8 cores and 4Gb of memory.
i,m using it as a load balancer with SSL offloading(with verify required).
the server has a load average of 1.7 and is using only about a gigabyte of memory.
the SSL offload takes about 450ms.
my question is why the server is not using the full resources to decrease response time.
what is causing the event loop to stall.
i have enabled multi process in my config
here is the configuraion:

global
  nbproc 8
  cpu-map 1 0
  cpu-map 2 1
  cpu-map 3 2
  cpu-map 4 3
  cpu-map 5 4
  cpu-map 6 5
  cpu-map 7 6
  cpu-map 8 7

  log 127.0.0.1 local0
  maxconn 20000
  daemon
  uid 99
  gid 99
  tune.ssl.default-dh-param 2048
  tune.ssl.cachesize 1000000
  tune.bufsize 32768
  stats socket /var/run/haproxy1.sock mode 600 level admin process 1
  stats socket /var/run/haproxy2.sock mode 600 level admin process 2
  stats socket /var/run/haproxy3.sock mode 600 level admin process 3
  stats socket /var/run/haproxy4.sock mode 600 level admin process 4
  stats socket /var/run/haproxy5.sock mode 600 level admin process 5
  stats socket /var/run/haproxy6.sock mode 600 level admin process 6
  stats socket /var/run/haproxy7.sock mode 600 level admin process 7
  stats socket /var/run/haproxy8.sock mode 600 level admin process 8
  stats timeout 2m #Wait up to 2 minutes for input

#listen stats
#  bind :9001
#  mode http
#  stats enable
#  stats hide-version
#  stats realm Haproxy\ Stats
#  stats uri /haproxy_stats
#  stats auth  admin:sfPalang
#  stats admin if TRUE

defaults
  log     global
  mode    http
  maxconn 10000
  # option  httplog
  option  redispatch
  option  dontlognull
  retries                 3
  timeout http-request    10s
  timeout queue           1m
  timeout connect         10s
  timeout client          1m
  timeout server          1m
  timeout http-keep-alive 10s
  timeout check           10s

frontend https_frontend
  bind 0.0.0.0:443 ssl crt PEM_FILE ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ca-file /home/arsalan/rootCA.pem verify required process 1-8
  mode http
  option httpclose
  option forwardfor
  reqadd X-Forwarded-Proto:\ https
  
  SOME BACKEND CONFIGS (http backends with roundrobin config)

Posts: 1

Participants: 1

Read full topic