Ssl benchmarks with and without nginx

Dear Reader,

today on the haproxy list was this link posted

I have asked why they not have tried to use nginx the answer was another
link

Maybe someone can verify if there is really a problem in nginx or this
difference is due to the fact that nginx is a REAL Webserver and the
other both ‘only’ SSL-Terminator.

BR
Aleks

Hello!

On Mon, Sep 19, 2011 at 09:56:19PM +0200, Aleksandar L. wrote:

Maybe someone can verify if there is really a problem in nginx or this
difference is due to the fact that nginx is a REAL Webserver and the
other both ‘only’ SSL-Terminator.

The main problem I see is nginx configuration. By default nginx
is configured to handle real-word load, not for ssl session
microbenchmarks. And the config used in particular test makes
things even worse due to “multi_accept on” used. For
microbenchmarking ssl one want to use

events {
    accept_mutext off;
    multi_accept off;
    ...
}

to ensure better distribution of connections between worker
processes, this should resolve observed latency issues.

Maxim D.

p.s. Stunnel in the same test was obviously benchmarked with
non-threaded OpenSSL, and that’s why it doesn’t scale to multiple
CPUs. With properly compiled OpenSSL it will scale fine.

OoO En cette nuit nuageuse du mardi 20 septembre 2011, vers 00:20,
mdounin at mdounin.ru (Maxim D.) disait :

Maybe someone can verify if there is really a problem in nginx or this
difference is due to the fact that nginx is a REAL Webserver and the
other both ‘only’ SSL-Terminator.

The main problem I see is nginx configuration. By default nginx
is configured to handle real-word load, not for ssl session
microbenchmarks. And the config used in particular test makes
things even worse due to “multi_accept on” used. For
microbenchmarking ssl one want to use

events {
    accept_mutext off;
    multi_accept off;
    ...
}

to ensure better distribution of connections between worker
processes, this should resolve observed latency issues.

Meantime, I have done and published another round of tests where I still
had the same issues for nginx. Aleksandar pointed me to your post. I
have modified my nginx configuration as you say and the latency issues
are now gone. I have updated my latest post with this correction and new
data. nginx now performs like stud (and even better since stud has
another kind of latency issue).

http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html

p.s. Stunnel in the same test was obviously benchmarked with
non-threaded OpenSSL, and that’s why it doesn’t scale to multiple
CPUs. With properly compiled OpenSSL it will scale fine.

The problem with stunnel was a bug in OpenSSL (for which stunnel
implements a slow workaround). Upgrading to a recent version of OpenSSL
allows stunnel to perform well.

Vincent Bernat :yin_yang: http://vincent.bernat.im

panic(“Attempted to kill the idle task!”);
2.2.16 /usr/src/linux/kernel/exit.c

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs