Hi all, I did the ab test with concurrency = 1 and keep-alive. I found the following log entries written by HAProxy.
Sep 9 16:54:20 server haproxy[29183]: YYYYYYYY:60646 [09/Sep/2014:16:54:20.014] fe_ssl_static~ be_bl/server02 19/0/0/1/29 200 93412 - - ---- 10/9/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:25 server haproxy[29183]: YYYYYYYY:60649 [09/Sep/2014:16:54:25.051] fe_ssl_static~ be_bl/server02 20/0/1/0/30 200 93412 - - ---- 12/9/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:30 server haproxy[29183]: YYYYYYYY:60653 [09/Sep/2014:16:54:30.089] fe_ssl_static~ be_bl/server02 19/0/0/1/29 200 93412 - - ---- 14/9/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:35 server haproxy[29183]: YYYYYYYY:60656 [09/Sep/2014:16:54:35.127] fe_ssl_static~ be_bl/server01 20/0/1/0/31 200 93413 - - ---- 11/7/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:40 server haproxy[29183]: YYYYYYYY:60660 [09/Sep/2014:16:54:40.167] fe_ssl_static~ be_bl/server02 18/0/1/0/28 200 93412 - - ---- 12/4/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:45 server haproxy[29183]: YYYYYYYY:60663 [09/Sep/2014:16:54:45.205] fe_ssl_static~ be_bl/server01 19/0/0/1/31 200 93413 - - ---- 40/5/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:50 server haproxy[29183]: YYYYYYYY:60667 [09/Sep/2014:16:54:50.244] fe_ssl_static~ be_bl/server01 19/0/0/1/29 200 93413 - - ---- 29/21/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:54:55 server haproxy[29183]: YYYYYYYY:60670 [09/Sep/2014:16:54:55.282] fe_ssl_static~ be_bl/server02 20/0/1/0/34 200 93412 - - ---- 10/3/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:00 server haproxy[29183]: YYYYYYYY:60675 [09/Sep/2014:16:55:00.324] fe_ssl_static~ be_bl/server02 20/0/0/1/30 200 93412 - - ---- 10/5/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:05 server haproxy[29183]: YYYYYYYY:60678 [09/Sep/2014:16:55:05.363] fe_ssl_static~ be_bl/server01 20/0/0/1/30 200 93413 - - ---- 21/15/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:10 server haproxy[29183]: YYYYYYYY:60682 [09/Sep/2014:16:55:10.402] fe_ssl_static~ be_bl/server02 21/0/0/0/30 200 93412 - - ---- 33/22/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:15 server haproxy[29183]: YYYYYYYY:60685 [09/Sep/2014:16:55:15.442] fe_ssl_static~ be_bl/server02 20/0/1/0/30 200 93412 - - ---- 36/2/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:20 server haproxy[29183]: YYYYYYYY:60689 [09/Sep/2014:16:55:20.480] fe_ssl_static~ be_bl/server01 21/0/0/1/31 200 93413 - - ---- 4/3/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Sep 9 16:55:25 server haproxy[29183]: YYYYYYYY:60692 [09/Sep/2014:16:55:25.519] fe_ssl_static~ be_bl/server01 20/0/1/0/31 200 93413 - - ---- 23/8/0/1/0 0/0 "GET /jquery.js HTTP/1.0" Now I guess that the way keep-alive is done with the 'ab-tool' and HAProxy is somewhat incompatible. It seems that the timeout on HAProxy side triggers a new request. Can someone put light on this "Keep-Alive" behaviour? Best regards Andreas Mock > -----Ursprüngliche Nachricht----- > Von: Andreas Mock [mailto:[email protected]] > Gesendet: Dienstag, 9. September 2014 16:34 > An: haproxy > Betreff: Performance issue with SSL and keep alive, weird result of ab test > > Hi all, > > I'm just doing some performance test on a ha-proxy 1.5.4 > and 'ab' on the client side: > * http => OK > * https => OK > * https + Keep-Alive => NOT OK (really bad performance) > > Can someone explain this result to me. What did I miss? > > Here the relevant config: > > ---------------------------------8<------------------------------------ > #--------------------------------------------------------------------- > # Global settings > #--------------------------------------------------------------------- > global > log /dev/log local0 > maxconn 8192 > user haproxy > group haproxy > stats socket /var/run/haproxy/haproxy.sock level admin > tune.ssl.default-dh-param 4096 > > #--------------------------------------------------------------------- > # Default settings > #--------------------------------------------------------------------- > defaults > balance roundrobin > log global > mode http > option httplog > option dontlognull > retries 3 > option redispatch > > option http-server-close > timeout http-request 5s > timeout connect 5s > timeout server 10s > timeout client 60s > > frontend fe_ssl_static > bind XXXXXX:80 > bind XXXXXX:443 ssl crt > /etc/pki/tls/certs/certificates/multidomain/ssl.pem/server.pem ciphers > ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:E > CDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+R > C4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GC > M+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aR > SA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PS > K:!SRP:!DSS > default_backend be_bl > > > backend be_bl > option httpchk GET /test.html > http-check expect string okay > option forwardfor > acl ssl ssl_fc > reqidel ^X-Forwarded-Proto:.* > reqadd X-Forwarded-Proto:\ https if ssl > reqadd X-Forwarded-Proto:\ http unless ssl > server server01 YYYYYYYYYYYYYY:80 check maxconn 1000 weight 100 > server server02 YYYYYYYYYYYYYY:80 check maxconn 1000 weight 100 > ---------------------------------8<------------------------------------ > > HA-Proxy is connected via 100MBit. > > The following tests were done: > > Via http: > ---------------------------------8<------------------------------------ > $ ab -c 30 -n 3000 http://my.domain.de/jquery.js > This is ApacheBench, Version 2.3 <$Revision: 655654 $> > Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ > Licensed to The Apache Software Foundation, http://www.apache.org/ > > Benchmarking my.domain.de (be patient) > Completed 300 requests > Completed 600 requests > Completed 900 requests > Completed 1200 requests > Completed 1500 requests > Completed 1800 requests > Completed 2100 requests > Completed 2400 requests > Completed 2700 requests > Completed 3000 requests > Finished 3000 requests > > > Server Software: lighttpd > Server Hostname: my.domain.de > Server Port: 80 > > Document Path: /jquery.js > Document Length: 93068 bytes > > Concurrency Level: 30 > Time taken for tests: 26.286 seconds > Complete requests: 3000 > Failed requests: 0 > Write errors: 0 > Total transferred: 280415082 bytes > HTML transferred: 279437600 bytes > Requests per second: 114.13 [#/sec] (mean) > Time per request: 262.859 [ms] (mean) > Time per request: 8.762 [ms] (mean, across all concurrent requests) > Transfer rate: 10417.87 [Kbytes/sec] received > > Connection Times (ms) > min mean[+/-sd] median max > Connect: 3 49 148.0 27 1046 > Processing: 60 213 78.3 193 1439 > Waiting: 6 29 11.1 28 257 > Total: 74 262 168.4 222 1642 > > Percentage of the requests served within a certain time (ms) > 50% 222 > 66% 240 > 75% 257 > 80% 267 > 90% 308 > 95% 490 > 98% 1195 > 99% 1244 > 100% 1642 (longest request) > ---------------------------------8<------------------------------------ > > vai https > ---------------------------------8<------------------------------------ > $ ab -c 30 -n 3000 https://my.domain.de/jquery.js > > This is ApacheBench, Version 2.3 <$Revision: 655654 $> > Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ > Licensed to The Apache Software Foundation, http://www.apache.org/ > > Benchmarking my.domain.de (be patient) > Completed 300 requests > Completed 600 requests > SSL read failed - closing connection > Completed 900 requests > Completed 1200 requests > Completed 1500 requests > Completed 1800 requests > Completed 2100 requests > Completed 2400 requests > Completed 2700 requests > Completed 3000 requests > Finished 3000 requests > > > Server Software: lighttpd > Server Hostname: my.domain.de > Server Port: 443 > SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES128-SHA256,2048,128 > > Document Path: /jquery.js > Document Length: 93068 bytes > > Concurrency Level: 30 > Time taken for tests: 33.296 seconds > Complete requests: 3000 > Failed requests: 0 > Write errors: 0 > Total transferred: 280180493 bytes > HTML transferred: 279204000 bytes > Requests per second: 90.10 [#/sec] (mean) > Time per request: 332.960 [ms] (mean) > Time per request: 11.099 [ms] (mean, across all concurrent requests) > Transfer rate: 8217.61 [Kbytes/sec] received > > Connection Times (ms) > min mean[+/-sd] median max > Connect: 27 86 53.5 82 1071 > Processing: 51 242 186.6 207 1388 > Waiting: 6 109 178.1 75 1152 > Total: 87 328 198.2 290 2310 > > Percentage of the requests served within a certain time (ms) > 50% 290 > 66% 320 > 75% 341 > 80% 357 > 90% 413 > 95% 518 > 98% 1263 > 99% 1313 > 100% 2310 (longest request) > > ---------------------------------8<------------------------------------ > BUT NOW with keep-alive on client side WITH SSL > > ---------------------------------8<------------------------------------ > $ ab -k -c 30 -n 3000 https://my.domain.de/jquery.js > This is ApacheBench, Version 2.3 <$Revision: 655654 $> > Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ > Licensed to The Apache Software Foundation, http://www.apache.org/ > > Benchmarking my.domain.de (be patient) > Completed 300 requests > Completed 600 requests > Completed 900 requests > Completed 1200 requests > Completed 1500 requests > Completed 1800 requests > Completed 2100 requests > Completed 2400 requests > Completed 2700 requests > Completed 3000 requests > Finished 3000 requests > > > Server Software: lighttpd > Server Hostname: my.domain.de > Server Port: 443 > SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES128-SHA256,2048,128 > > Document Path: /jquery.js > Document Length: 93068 bytes > > Concurrency Level: 30 > Time taken for tests: 243.412 seconds > Complete requests: 3000 > Failed requests: 1456 > (Connect: 0, Receive: 0, Length: 1424, Exceptions: 32) > Write errors: 0 > Keep-Alive requests: 1576 > Total transferred: 149759039 bytes > HTML transferred: 149198086 bytes > Requests per second: 12.32 [#/sec] (mean) > Time per request: 2434.122 [ms] (mean) > Time per request: 81.137 [ms] (mean, across all concurrent requests) > Transfer rate: 600.83 [Kbytes/sec] received > > Connection Times (ms) > min mean[+/-sd] median max > Connect: 0 14 19.8 0 173 > Processing: 0 2393 2511.7 47 6027 > Waiting: 0 8 34.0 6 1012 > Total: 0 2407 2523.2 70 6197 > > Percentage of the requests served within a certain time (ms) > 50% 70 > 66% 5048 > 75% 5052 > 80% 5055 > 90% 5062 > 95% 5073 > 98% 5095 > 99% 5120 > 100% 6197 (longest request) > > ---------------------------------8<------------------------------------ > > So, can someone put some light on this? > > Best regards > Andreas >
