[openstack-dev] [Octavia] Proposal to support multiple listeners on one HAProxy instance
Dustin Lundquist
dustin at null-ptr.net
Thu Aug 21 20:56:45 UTC 2014
I'm on the fence here, I see a number of advantages to each:
Single HAProxy process per listener:
- Failure isolation
- TLS Performance -- for non TLS services HAProxy is IO bound, and there
is no reason to run it across multiple CPU cores, but with HAProxy
terminating TLS there is an increased potential of a DoS with a large
number of incoming TLS handshakes.
- Reduced impact of reconfiguration -- while there is very little impact
when reloading the configuration since HAProxy hands off the listener
sockets to the new instance and the old instance continues to handle those
connections, with a more complex configuration it is more likely to affect
services on other listeners.
Multiple listeners on a single HAProxy instance:
- Enables sharing pools between listeners -- this would reduce keep
health monitor traffic, and pipe-lining requests from multiple listeners is
possible
- Reduced resource usage -- we should preform the benchmarks and
quantify this
- Simplified stats/log aggregation
- Simplified Octavia instances -- I think each Octavia instance only
running a single HAProxy process is a win, its easier to monitor and
upstart/systemd/init only needs to start a single process.
Dustin Lundquist
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140821/87452d11/attachment.html>
More information about the OpenStack-dev
mailing list