First of all, THANK YOU! We've known SSL performance isn't as good as it should for a while but this is the first solid benchmark I've seen.
Could we get this added to the benchmarks in core? https://github.com/joyent/node/tree/master/benchmark -Mikeal On Feb 28, 2012, at February 28, 20123:21 PM, Kelly Fox wrote: > After speaking a bit with Isaac on IRC, he convinced me to post here. :) > > I compared node's SSL handshaking performance to Apache 2.2 on the same > hardware and node's performance seemed lower than I'd expected. Node was > getting about 600-650 handshakes per second while Apache 2.2 was getting > about 2000. I ran each test for 30 seconds to see if performance was > sustained. After digging into the packet captures a bit, it looks like node > does not reuse Session IDs when the client offers a previously-negotiated ID. > Other SSL-capable web servers, e.g. Apache and lighttpd, do. > > Adding the option to reuse session IDs would theoretically make node's > performance jump appreciably higher. > > My server setup: > Fedora 16 with latest updates at the time of this post > node.js v0.6.11 (installed via the repo at nodejs.tchol.org) > Apache 2.2.22 (httpd-2.2.22-1.fc16.x86_64) > RSA_With_3DES_EDE_CBC_SHA cipher > 512-bit encryption > SSLv3 (not TLSv1) > Tweaks to my kernel params per the attached file > Bastardized Apache config per the attached file > No network traffic on the NIC other than test traffic > No other apps appreciably sucking CPU > Server hardware: quad-core Xeon @3.60GHz, 8GB RAM, 1Gb NIC > The node.js code I used is here: https://gist.github.com/1934981 > > The "clients" I used were actually simulated using dedicated > application/network simulation equipment. The clients were configured to > simply perform an SSL handshake , then close the connection with a reset. I > used a single source IP address with a varying source port range (ports > 1024-65535). > > I'd be happy to run more tests or provide more details if needed. > > Regards, > Kelly > <apache22SSL-config.tgz><sysctl.conf>
