httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgaudet-list-new-ht...@arctic.org>
Subject Re: [module porting] mod_proxy
Date Wed, 22 Mar 2000 01:54:49 GMT


On Tue, 14 Mar 2000, James Sutherland wrote:

> I like the idea. Rather than having the async engine part of the main
> process, though, I'd like it to be external. This way, you could (for
> example) replace it with an SSL one. For high traffic sites (Netscape now
> offer their 128-bit browser for download via HTTPS - were Cray holding a
> spring sale or something?!) the SSL encryption/decryption is pretty heavy
> work. 

hunh.  it's not my experience that ssl encrypt/decrypt is that heavy --
when considered against the sheer CPU cost of supporting thousands of
modem clients as you would at any single "choke point" like the
architecture i proposed.  although maybe my viewpoint is skewed because
our systems at CP deal with pop, smtp, and imap traffic in addition to
http traffic... and pop in particular has far more tiny packets than http
in general (LIST, response, RETR 1, response, DELE 1, response, ...)

i admit to only having modelled numbers at the moment, but it appears that
simply doubling my CPU speed i'll handle the same load as i have now fully
encrypted.  and given that our currently deployed proxies were spec'd a
couple years ago we've already had Moore's law bring us to within the
realm of "should work on paper".

i'll report back in a few months when i've got production data.

Dean


Mime
View raw message