
Performance question: ssl_fc_sni vs map files

Hello to everyone,

I’m seeking advice on the most performant approach for routing SSL traffic based on SNI to hundreds of backends that are updated daily for security reasons, generating new backend names each time via the Data Plane API.

Currently I’m using a single frontend with use_backend %[ssl_fc_sni] to route traffic directly to backends named after their respective SNI values.

My configuration looks like this:

frontend ssl_frontend
    bind *:443
    mode tcp
    use_backend %[ssl_fc_sni]

backend example.com
    mode tcp
    server srv1 192.168.1.10:443 check

backend app2.example.com
    mode tcp
    server srv1 192.168.1.11:443 check

backend app1.example.com
    mode tcp
    server srv1 192.168.1.12:443 check

# ... hundreds more backends

HAProxy Version: 3.0.6

This approach works well functionally, but I’m wondering about performance implications at scale.
I’m considering whether using a map file to translate SNI values to backend names would be more efficient, using Lua scripting for custom routing logic, or if there are other recommended high-performance solutions for this use case.
Maintainability is important alongside performance.

Is there a significant performance difference between direct SNI routing and map files for this scale?

Any insights on performance and recommended approaches for large-scale SNI routing would be greatly appreciated.

Thanks in advance!
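
The map-file variant the post is considering, as an added example that is not part of the original post. The map path, the dated backend names and the `be_unknown_sni` fallback are assumptions made for illustration.

```haproxy
# Added example, not the poster's configuration. Assumed names:
# /etc/haproxy/sni.map, be_example_20250101, be_app1_20250101,
# be_app2_20250101, be_unknown_sni.

frontend ssl_frontend
    bind *:443                      # bind line kept as in the post
    mode tcp
    # Lowercase the SNI, look it up in the map, and fall back to
    # be_unknown_sni when the client sends a name that has no entry.
    use_backend %[ssl_fc_sni,lower,map(/etc/haproxy/sni.map,be_unknown_sni)]

# Backend names no longer have to equal the SNI value, so a daily
# rotation only changes the right-hand column of the map.
backend be_example_20250101
    mode tcp
    server srv1 192.168.1.10:443 check

backend be_app2_20250101
    mode tcp
    server srv1 192.168.1.11:443 check

backend be_app1_20250101
    mode tcp
    server srv1 192.168.1.12:443 check

# Explicit landing place for unmapped names. It has no servers, so
# these connections are not forwarded anywhere.
backend be_unknown_sni
    mode tcp

# Contents of /etc/haproxy/sni.map (key, whitespace, value):
#   example.com       be_example_20250101
#   app2.example.com  be_app2_20250101
#   app1.example.com  be_app1_20250101
```

Map entries can be changed on a running process with the Runtime API commands `add map`, `set map` and `del map`. Those changes live in memory only, so the file on disk has to be updated as well to survive a reload.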
