[openstack-dev] [Octavia] Proposal to support multiple listeners on one HAProxy instance

Dustin Lundquist dustin at null-ptr.net
Thu Aug 21 20:56:45 UTC 2014


I'm on the fence here, I see a number of advantages to each:

Single HAProxy process per listener:

   - Failure isolation
   - TLS Performance -- for non TLS services HAProxy is IO bound, and there
   is no reason to run it across multiple CPU cores, but with HAProxy
   terminating TLS there is an increased potential of a DoS with a large
   number of incoming TLS handshakes.
   - Reduced impact of reconfiguration -- while there is very little impact
   when reloading the configuration since HAProxy hands off the listener
   sockets to the new instance and the old instance continues to handle those
   connections, with a more complex configuration it is more likely to affect
   services on other listeners.

Multiple listeners on a single HAProxy instance:

   - Enables sharing pools between listeners -- this would reduce keep
   health monitor traffic, and pipe-lining requests from multiple listeners is
   possible
   - Reduced resource usage -- we should preform the benchmarks and
   quantify this
   - Simplified stats/log aggregation
   - Simplified Octavia instances -- I think each Octavia instance only
   running a single HAProxy process is a win, its easier to monitor and
   upstart/systemd/init only needs to start a single process.


Dustin Lundquist
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/87452d11/attachment.html>


More information about the OpenStack-dev mailing list