Maxim Dounin
December 02, 2021 11:12PM

On Fri, Dec 03, 2021 at 12:31:50AM +0000, Vadim Fedorenko wrote:

> I would say that current implementation of Kernel TLS in OpenSSL will give
> huge overhead because of additional syscall for every frame and it's header,
> it doesn't matter if it's sendfile or not. Without sendfile it's actually
> 5% worse
> in my tests. That's why it's better to disable Kernel TLS for HTTP/2
> requests
> in Nginx + OpenSSL.

Without SSL_sendfile(), kernel TLS might make sense if TLS
offloading is supported by a NIC, freeing some CPU power.

With SSL_sendfile(), it is beneficial even without any specialized
hardware. Just not with HTTP/2.

> The only solution for this would be implementation of sendmsg()/sendmmsg()
> in OpenSSL and support for such implementation in Nginx together with mmap()
> for files. This solution would have the same performance as sendfile() from
> kernel perspective.

On FreeBSD sendfile() is much more than mmap() and send[m]msg().

Also I tend to think that mmap() is a very risky mechanism for
sending files, and shouldn't be used by a general-purpose server
such as nginx, as it kills the server on disk errors.

Rather, solution for HTTP/2 would be to implement in-kernel HTTP/2
framing along with in-kernel TLS. Or a more general sendfile()
implementation, such as sendfilev() on Solaris. Not sure it worth
the effort though.

Maxim Dounin
nginx-devel mailing list
Subject Author Views Posted

nginx KTLS and HTTP/2 performance degradation

Lyuben Stoev 193 December 02, 2021 07:06AM

Re: nginx KTLS and HTTP/2 performance degradation

Maxim Dounin 94 December 02, 2021 08:08AM

Re: nginx KTLS and HTTP/2 performance degradation

Vadim Fedorenko 95 December 02, 2021 07:34PM

Re: nginx KTLS and HTTP/2 performance degradation

Maxim Dounin 81 December 02, 2021 11:12PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready