Improving HTTP Performance with Pound Load Balancer

Pound is a great SSL offloader, reverse proxy and load balancer. It sends requests to the backends as plain HTTP, passing all headers, so no web content is stored in Pound.

 

 

In this short post I’m gonna show how a large number of requests can be handled with minimal server requirements, and how to scale it.

I installed Pound on a CentOS 7 machine and, apart from that, increased the maximum TCP/IP connection limits at the OS level. These allow more sockets for incoming requests.

# sysctl -p
fs.file-max = 300000
net.ipv4.tcp_max_tw_buckets = 100000
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 512
net.ipv4.tcp_fin_timeout = 5
net.ipv4.inet_peer_maxttl = 5
net.core.rmem_max = 262143
net.core.rmem_default = 262143
net.ipv4.tcp_keepalive_intvl = 15
net.core.netdev_max_backlog = 5000
net.core.somaxconn = 5000
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.ip_local_port_range = 1024 65535
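
To confirm that the limits listed above are actually in effect after sysctl -p, the following check compares a sysctl.conf-style file against the live values under /proc/sys. It is an added example, not part of the original post; the function names and the PROC_SYS override are assumptions of the example.

```shell
#!/bin/sh
# Added example: report sysctl keys whose live value differs from the wanted one.
# PROC_SYS is an assumption of this example so the check can target a test tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Collapse tabs and runs of spaces, so "1024<TAB>65535" equals "1024 65535".
normalize() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# check_sysctl FILE
# FILE holds "key = value" lines (sysctl.conf syntax; comments are skipped).
# Prints one line per missing or differing key; returns non-zero if any.
# The body runs in a subshell, so its variables stay local.
check_sysctl() (
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line="$(normalize "$line")"
        case "$line" in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # anything else is ignored
        esac
        key="$(normalize "${line%%=*}")"
        want="$(normalize "${line#*=}")"
        # net.core.somaxconn -> $PROC_SYS/net/core/somaxconn
        path="$PROC_SYS/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key (wanted $want)"
            drift=$((drift + 1))
            continue
        fi
        have="$(normalize "$(cat "$path")")"
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: live=$have wanted=$want"
            drift=$((drift + 1))
        fi
    done < "$1"
    [ "$drift" -eq 0 ]
)

# When run as a script with a file argument, check that file.
[ "$#" -eq 0 ] || check_sysctl "$1"
```

Run it as root or as an ordinary user with the file holding the settings as its argument, for example /etc/sysctl.conf; a non-zero exit status means at least one value did not take effect.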

On the Pound side, the more threads you configure, the more simultaneous requests it can handle. Note that threads use RAM and CPU, so if the number of incoming requests is predictable on your application side, it’s easy to manage server resources.

Here is the /etc/pound.cfg config that contains the Threads directive:

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
# Number of worker threads
Threads 10240

# HTTP(S) LISTENERS
ListenHTTPS
        Address 172.16.42.5
        #MaxRequest 104857600
        Port 443
        ## Defines which HTTP verbs are accepted. 2 allows default HTTP + standard WebDAV verbs;
        ## 3 additionally allows the MS WebDAV extension verbs.
        xHTTP 3
        RewriteLocation 2

        Cert "/etc/pki/tls/certs/yourssl.pem"
        Ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
        Disable SSLv2
        Disable SSLv3
        SSLHonorCipherOrder 1

        Service "web-prod"
                HeadRequire "Host: www.mydomain.com"
                #Url ""
                #Redirect ""

                # Keep each client IP on the same backend for 3600 seconds
                Session
                        Type IP
                        TTL 3600
                        # #ID "sessionname"
                End

                # Backends with a higher Priority are used more often
                BackEnd
                        Address 172.16.42.50
                        Port 80
                        TimeOut 3600
                        Priority 1
                End

                BackEnd
                        Address 172.16.42.51
                        Port 80
                        TimeOut 3600
                        Priority 5
                End
        End
End

 

 
