[Fedora-directory-users] FDS SSL performance tuning query
David Bogen
david.bogen at icecube.wisc.edu
Wed Aug 8 15:38:58 UTC 2007
We use SSL connections (LDAPS) almost exclusively and have easily
handled over 7000 SSL connections per minute without extensive tuning of
FDS. That particular server is a RHEL4 box running an AMD Opteron with
4GB of RAM.
Even a crusty old PIII (1.2Ghz) running RHEL3 has handled over 1000 SSL
connections per minute from a high-performance cluster, though I suspect
that the upper limit of that system isn't too far above that number and
we are moving beyond it to another 64-bit system.
Our experience has shown start_tls to be noticeably slower than straight
ssl; slow enough that the difference is noticeable to people and not
just to measurements. I would recommend going with straight SSL and not
messing around with start_tls.
If your connections are limited at 1600/minute I wonder if you aren't
perhaps hitting a limitation elsewhere in your system as our experience
seems to indicate that FDS can handle the load you are throwing at it.
David
--
David Bogen :: (608) 263-0168
Unix SysAdmin :: IceCube Project
david.bogen at icecube.wisc.edu
More information about the Fedora-directory-users
mailing list