

reverse ssl proxy - speed & jitter

July 23, 2014 01:19PM
I am setting up an nginx reverse SSL proxy. I have a machine I can use with 2 E5-2650 CPUs and lots of RAM. I have nginx-1.6.0 + openssl-1.0.1h installed. I have taken into consideration most optimization suggestions out there and incorporated them. I will attach a copy of my config file.

(optimizing first connection experience is good) With my testing just for handshake + connection setup with 2K cert it is taking 3.5ms on average. I see spikes in this time every 40 or so handshakes. I would like the 90+ percentile of the handshakes to not have any jitter/variance.

testing method:
# 1000 separate httperf runs, one new connection each, with no SSL session reuse
for i in {1..1000}; do
httperf --hog --server localhost --port 443 --ssl --uri /nginx_ping --ssl-no-reuse --num-calls 1 --num-conns 1 --rate 1 | grep -E 'Connection time \[ms\]: |Reply time \[ms\]: ' | awk '{print $5}' | xargs | tr -s " " ", " >> test.log;
done

If you think this methodology is not right, do let me know. I have looked at the tcpdumps and made sure a full handshake is happening and then a GET request is issued.

This gives me: request_time, connect_time, response_time
request_time = connect_time(ssl handshake + connection setup) + response_time.

1. I want to debug why there is jitter in the handshake time - I want the 90th, 95th, 99th, 99.9th percentiles to also be around 3.5ms.
2. I want to see if I can make nginx any faster at doing the handshake. What is the fastest you guys think this can happen?
3. How can I profile nginx and proceed to make this faster?

All comments are welcome!


Not sure how to attach the config, so here are the config details:
5 workers, worker_priority -10, timer_resolution 200ms, worker_cpu_affinity to separate cores on cpu2, error_log to /dev/null, use epoll, worker_conns 2000, multi_accept on, accept_mutex off, sendfile on, tcp_nopush on, tcp_nodelay on, file caches, keepalive_timeout 5000, keepalive_requests 100000, reset_timedout_connection on, client_body_timeout 10, send_timeout 2, gzip, server_tokens off, postpone_output 0.
upstream: keep alive 180, proxy_buffering off, client_body_buffer_size 512K, large_client_header_buffers 4 64k, client_max_body_size 0.
server: listen 443 ssl, access_log off, ssl_buffer_size 8k, ssl_session_timeout 10m, ssl_protocols SSLv3 TLSv1, ssl_ciphers RC4-MD5, ssl_prefer_server_ciphers on, ssl_session_cache shared:SSL:10m.
location /nginx_ping - return 200.
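
An added example, not part of the original post: one way to turn the test.log written by the loop above into the percentiles and spike spacing the post asks about. It assumes each line holds three comma-separated millisecond values in the order the post gives (request_time, connect_time, response_time); the sample data and the 2x-median spike threshold are constructed for illustration.

```python
import math
import statistics

def parse_log(text):
    """Return connect_time (ms) per run; lines are 'request,connect,response'."""
    times = []
    for line in text.splitlines():
        fields = [f for f in line.strip().split(",") if f]
        if len(fields) != 3:
            continue  # a failed httperf run leaves a short or empty line
        try:
            times.append(float(fields[1]))
        except ValueError:
            continue  # skip lines with non-numeric fields
    return times

def percentile(samples, p):
    """Nearest-rank percentile: smallest value with at least p% of samples <= it."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]

def spikes(samples, factor=2.0):
    """Indices of runs slower than factor x median, and the gaps between them."""
    limit = factor * statistics.median(samples)
    idx = [i for i, v in enumerate(samples) if v > limit]
    gaps = [b - a for a, b in zip(idx, idx[1:])]
    return idx, gaps

# Constructed sample: 200 runs at 3.5 ms with a 9.0 ms outlier every 40th run.
SAMPLE = "\n".join(
    "{0:.1f},{1:.1f},0.4".format(c + 0.4, c)
    for c in (9.0 if i % 40 == 39 else 3.5 for i in range(200))
)

def report(text):
    """Summarise connect_time: sample count, percentiles, spike positions and gaps."""
    t = parse_log(text)
    idx, gaps = spikes(t)
    return {
        "n": len(t),
        "pcts": {p: percentile(t, p) for p in (50, 90, 95, 99, 99.9)},
        "spike_runs": idx,
        "gaps": gaps,
    }

if __name__ == "__main__":
    print(report(SAMPLE))  # for real data: report(open("test.log").read())
```

If the gaps come out nearly constant, the slow handshakes recur on a fixed cycle; if they are scattered, the variance is not periodic.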
Subject Author Posted

reverse ssl proxy - speed & jitter

newnovice July 23, 2014 01:19PM
