[squid-users] Squid and SSLBump
Alex Rousskov
rousskov at measurement-factory.com
Sat Jun 10 17:20:26 UTC 2017
On 06/09/2017 01:33 AM, FredB wrote:
> There is way to approximately estimate the "cost" of CPU/Memory usage of SSLbump ?
Ballpark splicing speed/CPU estimates[1,2] for Squid v4+:
* splicing during step 2: 75% of splicing during step1 performance
* splicing during step 3: 25% of splicing during step1 performance
Squid v3.5 numbers for splicing during step 2 are much worse (~20%)
because the SNI peeking code is not optimized in v3.5 [1].
I do not recall bumping numbers, but expect them to be approximately 10%
of baseline plain text performance.
The above info is based on lab benchmarks that do not reflect _your_
deployment environment. You can collect much more reliable performance
data for your use case by measuring your actual Squid performance while
turning features on and off (or at least by running lab benchmarks that
are tuned to represent your use case).
Please also note that there is currently no regular Squid performance
regression testing so individual releases may experience significant and
surprising changes[3]. If the Squid Foundation has enough money, the
Squid Project will fix that [4].
[1] http://lists.squid-cache.org/pipermail/squid-dev/2016-May/005659.html
[2] http://lists.squid-cache.org/pipermail/squid-dev/2016-May/005660.html
[3] http://lists.squid-cache.org/pipermail/squid-dev/2016-August/006637.html
[4] http://wiki.squid-cache.org/QA/Pilots
HTH,
Alex.
More information about the squid-users
mailing list