Marion Hakanson <[EMAIL PROTECTED]>
> Folks,
>
> I didn't find this issue discussed in this list's archives, so here goes....
>
> I've recently been made aware of a problem with SSL connection startup
> interacting with some TCP stacks' implementations of the Nagle algorithm,
> which is used to coalesce what would be lots of tiny (1-character or so)
> packets into larger packets, and the stacks' delayed-ACK schemes. I'm no
> expert, but here are some references that discuss the issue in detail:
>
> http://www.cs.nyu.edu/artg/research/speedingTCP/buff_goldberg_speeding_up_TCP.ps
> http://www.etestinglabs.com/bi/cont1998/1998print/slowserv.asp
> http://www.sun.com/sun-on-net/performance/tcp.slowstart.html
...
IMAP and HTTP are different in this regard.
In IMAP, the client's first requests are likely to be two or more of
these: SSL negotiation, CAPABILITY, STARTTLS, LOGIN, SELECT. All tend to
involve small responses.
In HTTP, the usual response is a web page. That's big enough to usually
hit the problem described in your the sun.com page.
> All this reading has led me to look for a way to set TCP_NODELAY for
> secure IMAP sessions, since some of our users think this Nagle thing
> might be affecting our secure IMAP connections.
You can easily check it: Run tcpdump on the server, open a single IMAP
connection and look at the time data reported by tcpdump. Are there cases
where the server received a packet from the client and replied about 0.15
seconds later?
Here's time data for an SSL negotiation I just did (mutt 1.3.x talking to
stunnel 3.x):
C: 11:10:51.662830 ...
S: 11:10:51.662914 ... <- server delay is 0.0001s
C: 11:10:51.708192 ...
C: 11:10:51.729819 ...
S: 11:10:51.729886 ... <- server delay is 0.0001s
S: 11:10:51.731803 ...
C: 11:10:51.810272 ...
C: 11:10:51.830748 ...
S: 11:10:51.842130 ... <- server delay is 0.0114s
C: 11:10:51.933318 ...
S: 11:10:51.933348 ... <- server delay is 0.00003s
...
That's an average server-side delay of 0.003 seconds per packet. Disabling
Nagle clearly won't help this server.
--Arnt
