Performance issue with SSL and keep alive, weird result of ab test

Andreas Mock Tue, 09 Sep 2014 07:35:17 -0700

Hi all,

I'm just doing some performance test on a ha-proxy 1.5.4
and 'ab' on the client side:
* http => OK
* https => OK
* https + Keep-Alive => NOT OK (really bad performance)


Can someone explain this result to me. What did I miss?

Here the relevant config:

---------------------------------8<------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log /dev/log   local0
    maxconn 8192
    user haproxy
    group haproxy
    stats socket    /var/run/haproxy/haproxy.sock level admin
    tune.ssl.default-dh-param 4096

#---------------------------------------------------------------------
# Default settings
#---------------------------------------------------------------------
defaults
    balance     roundrobin
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch

    option http-server-close
    timeout http-request 5s
    timeout connect 5s
    timeout server 10s
    timeout client 60s

frontend fe_ssl_static
    bind XXXXXX:80
    bind XXXXXX:443 ssl crt 
/etc/pki/tls/certs/certificates/multidomain/ssl.pem/server.pem ciphers 
ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+RC4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
    default_backend be_bl


backend be_bl
    option httpchk GET /test.html
    http-check expect string okay
    option forwardfor
    acl ssl ssl_fc
    reqidel ^X-Forwarded-Proto:.*
    reqadd X-Forwarded-Proto:\ https if ssl
    reqadd X-Forwarded-Proto:\ http unless ssl
    server server01 YYYYYYYYYYYYYY:80 check maxconn 1000 weight 100
    server server02 YYYYYYYYYYYYYY:80 check maxconn 1000 weight 100
---------------------------------8<------------------------------------

HA-Proxy is connected via 100MBit.

The following tests were done:

Via http:
---------------------------------8<------------------------------------
$ ab  -c 30 -n 3000 http://my.domain.de/jquery.js
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking my.domain.de (be patient)
Completed 300 requests
Completed 600 requests
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Completed 3000 requests
Finished 3000 requests


Server Software:        lighttpd
Server Hostname:        my.domain.de
Server Port:            80

Document Path:          /jquery.js
Document Length:        93068 bytes

Concurrency Level:      30
Time taken for tests:   26.286 seconds
Complete requests:      3000
Failed requests:        0
Write errors:           0
Total transferred:      280415082 bytes
HTML transferred:       279437600 bytes
Requests per second:    114.13 [#/sec] (mean)
Time per request:       262.859 [ms] (mean)
Time per request:       8.762 [ms] (mean, across all concurrent requests)
Transfer rate:          10417.87 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        3   49 148.0     27    1046
Processing:    60  213  78.3    193    1439
Waiting:        6   29  11.1     28     257
Total:         74  262 168.4    222    1642

Percentage of the requests served within a certain time (ms)
  50%    222
  66%    240
  75%    257
  80%    267
  90%    308
  95%    490
  98%   1195
  99%   1244
 100%   1642 (longest request)
---------------------------------8<------------------------------------

vai https
---------------------------------8<------------------------------------
$ ab  -c 30 -n 3000 https://my.domain.de/jquery.js

This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking my.domain.de (be patient)
Completed 300 requests
Completed 600 requests
SSL read failed - closing connection
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Completed 3000 requests
Finished 3000 requests


Server Software:        lighttpd
Server Hostname:        my.domain.de
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,ECDHE-RSA-AES128-SHA256,2048,128

Document Path:          /jquery.js
Document Length:        93068 bytes

Concurrency Level:      30
Time taken for tests:   33.296 seconds
Complete requests:      3000
Failed requests:        0
Write errors:           0
Total transferred:      280180493 bytes
HTML transferred:       279204000 bytes
Requests per second:    90.10 [#/sec] (mean)
Time per request:       332.960 [ms] (mean)
Time per request:       11.099 [ms] (mean, across all concurrent requests)
Transfer rate:          8217.61 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       27   86  53.5     82    1071
Processing:    51  242 186.6    207    1388
Waiting:        6  109 178.1     75    1152
Total:         87  328 198.2    290    2310

Percentage of the requests served within a certain time (ms)
  50%    290
  66%    320
  75%    341
  80%    357
  90%    413
  95%    518
  98%   1263
  99%   1313
 100%   2310 (longest request)

---------------------------------8<------------------------------------
BUT NOW with keep-alive on client side WITH SSL

---------------------------------8<------------------------------------
$ ab  -k -c 30 -n 3000 https://my.domain.de/jquery.js
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking my.domain.de (be patient)
Completed 300 requests
Completed 600 requests
Completed 900 requests
Completed 1200 requests
Completed 1500 requests
Completed 1800 requests
Completed 2100 requests
Completed 2400 requests
Completed 2700 requests
Completed 3000 requests
Finished 3000 requests


Server Software:        lighttpd
Server Hostname:        my.domain.de
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,ECDHE-RSA-AES128-SHA256,2048,128

Document Path:          /jquery.js
Document Length:        93068 bytes

Concurrency Level:      30
Time taken for tests:   243.412 seconds
Complete requests:      3000
Failed requests:        1456
   (Connect: 0, Receive: 0, Length: 1424, Exceptions: 32)
Write errors:           0
Keep-Alive requests:    1576
Total transferred:      149759039 bytes
HTML transferred:       149198086 bytes
Requests per second:    12.32 [#/sec] (mean)
Time per request:       2434.122 [ms] (mean)
Time per request:       81.137 [ms] (mean, across all concurrent requests)
Transfer rate:          600.83 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0   14  19.8      0     173
Processing:     0 2393 2511.7     47    6027
Waiting:        0    8  34.0      6    1012
Total:          0 2407 2523.2     70    6197

Percentage of the requests served within a certain time (ms)
  50%     70
  66%   5048
  75%   5052
  80%   5055
  90%   5062
  95%   5073
  98%   5095
  99%   5120
 100%   6197 (longest request)

---------------------------------8<------------------------------------

So, can someone put some light on this?

Best regards
Andreas

Performance issue with SSL and keep alive, weird result of ab test

Reply via email to