I've done a lot of benchmarking over the last 6 years and SSL performance simply eats up CPU and RAM. Back in 2002, I ran over 400 benchmarks on Tomcat 4.x with Remy (a tomcat developer). Even for a simple static page, SSL ate up a ton of resources.
Regardless of the application, a 450mhz CPU can only handle 3-5 concurrent requests reliably. The basic formula I go by is this. 500mhz - 250 ssl signatures per second since SSL scales linearly, you just multiply by the mhz or number of CPU. 250 x 4 = 1000 ssl signatures per second for a 2ghz cpu Now to figure out what that means in terms of requests/second, all you have to do is figure out how many requests a page view is. So say I have a page with 9 images. that means the first time the page is requested, there's 10 requests total. 250 signature/second / 10 signatures/request = 25 requests /second 25 SSL requests/second is the theoritical maximum for a 450-500mhz CPU. When you take concurrent requests into account, it roughly translates to 3-5 concurrent requests depending on how many images are on the page. As far as I know, this is true of commercial tools like webBench, mercury and others. So how do people test SSL? there's really only 2 practical approaches. 1. have a ton of clients and have 3-5 threads per machine 2. use a SSL enabled router to decrypt the traffic, though you'd need 2 of them to test effectively. What big sites like amazon, buy.com and the others do is use Network Attached SSL. The webservers only handle HTTP traffic and the SSL is done at the router. If you need to scale SSL, I would recommend going with that approach. Using software SSL will mean your production environment will need to have 30-40 servers to handle moderate SSL traffic for a small e-commerce site. Back before Netledger was bought out by Oracle, they had over 400 machines to handle the traffic. Once they got hardware accelerator and hooked it up, their performance improved 3-5x. I hope that helps peter On 5/11/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I'm not sure I understand what you're saying here. How in the world are > you supposed to load test a secure web application if this is the case? I > don't see how testing a secure application can be so much more memory > intensive for jmeter than a non-secure web application. I am using a > dual-processor server with plenty of power to run jmeter. Is there > nothing I can do to reduce the amount of memory the script is using so > that jmeter won't crash? > > Is it possible that something with the way my script is handling SSL could > be the culprit? > > Elli > > > HTTPS is a tremendous CPU hog and will eat up plenty of RAM. In > > general, a 2ghz CPU will max out with 20 concurrent HTTPS requests. More > > than that, you're not really stressing the server. > > > > if you really need to test HTTPS, I would recommend keeping each > > client machine to 10 threads. Most of the sites that require heavy HTTPS > > use hardware accelerators. I personally don't recommend using software > > HTTPS if the expected HTTPS load is more than 10-15 > > concurrent. > > > > for example, a 450mhz P3 can reliably handle 3-5 concurrent requests. > > More than that the server will crash. this is primarily a hardware and > > IO limitation. > > > > peter lin > > > > > > On 5/10/05, Elli Swift <[EMAIL PROTECTED]> wrote: > >> Hi all, > >> > >> I am load testing an HTTPS application and I'm continually running > >> into this out of memory error: > >> > >> [GCException java.lang.OutOfMemoryError: requested 8208 bytes > >> > >> The garbage collection comes along but just doesn't seem to be > >> clearing out enough room. I have increased the heap size to 1024, I'm > >> running jmeter on a server with almost 6GB of RAM, I have no listeners > >> in my test, I'm running in non-gui mode and I'm only running a test > >> with 25 users looping 4 times through (it dies almost immediately > >> after the second loop finishes). > >> > >> I created my script using the HTTP proxy server (I was able to disable > >> HTTPS in order to record the script) and I noticed that it recorded > >> quite a few things in each of the Browser-derived headers for each > >> HTTP request. (If-None-Match, Referer, Host, Accept-Language, > >> User-Agent, > >> If-Modified-Since, and Accept). Could any of these be using up > >> unnecessary resources? > >> > >> This truly puzzles me, as we were able to create a load test script > >> for one of our other (non-HTTPS) applications and fire off close to > >> 250 or 300 users and leave it running for hours without any problems. > >> Any suggestions would be very helpful!! > >> > >> Elli > >> > >> > > > > --------------------------------------------------------------------- To > > unsubscribe, e-mail: [EMAIL PROTECTED] For > > additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
