Re: haproxy http2 benchmark
On 1/30/2018 7:41 PM, 龙红波 wrote: > h2load -n100 -c20 -m5 https://$0.172.144.113:1999/128 > starting benchmark... > spawning thread #0: 20 total client(s). 100 total requests > TLS Protocol: TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > Application protocol: h2 > .. > > finished in 86.23s, 11596.77 req/s, 2.90MB/s Are both the client and the server on the same LAN? The usage of the private IP address suggests that it is a LAN. Also, the fact that you are seeing more than 1 requests per second suggests that it is a LAN. I don't think you'd see that rate from one source over the Internet. I doubt HTTP/2 is going to really make much of a difference in a low-latency network environment like a LAN, especially if it's gigabit or faster. Your numbers show it to be 15 percent slower, which is really surprising. Try the same thing from a remote location over the Internet, where you've got real latency. That is the kind of situation where HTTP/2 promises to really speed things up. I found and built h2load from source (the master branch), then did a test similar to yours over the Internet from a client on a DSL connection to a system running haproxy 1.8.3 with http2 configured on the frontend. The backend is http/1.1. Here are the h2load options I used and the results of three consecutive tests. The URL was https. I did tests with three combinations of h2load parameters. One with http/1.1 and no pipelining, one with http/1.1 and pipelining (keepalive), and one with http/2. == --requests=500 --clients=5 --max-concurrent-streams=1 --npn-list=http/1.1 --no-tls-proto=http/1.1 finished in 19.47s, 25.67 req/s, 21.79KB/s finished in 32.50s, 15.39 req/s, 13.06KB/s finished in 47.48s, 10.53 req/s, 8.94KB/s == --requests=500 --clients=5 --max-concurrent-streams=5 --npn-list=http/1.1 --no-tls-proto=http/1.1 finished in 9.92s, 50.41 req/s, 42.78KB/s finished in 10.76s, 46.48 req/s, 39.45KB/s finished in 9.90s, 50.49 req/s, 42.84KB/s == --requests=500 --clients=5 --max-concurrent-streams=5 finished in 7.75s, 64.48 req/s, 50.33KB/s finished in 8.07s, 61.99 req/s, 48.39KB/s finished in 4.71s, 106.15 req/s, 82.85KB/s == (I did try the short option names for h2load like you had, but it just showed the help text, and didn't do the benchmark. So then I tried changing them to the long form and it started working.) Thanks, Shawn
Re: haproxy http2 benchmark
Hi, On Wed, Jan 31, 2018 at 10:41:44AM +0800, ??? wrote: > *hi all,* > *recently we are ready to upgrade to haproxy 1.8,however, when testing > HTTP2, we found a drop in performance,below is the test scenario:* (...) > *Use h2load test, respectively, test http1.1 and http2, A total of three > sets of data,haproxy reached cpu 100%,* > * group 1:* > > h2load -n100 -c20 -m5 https://$0.172.144.113:1999/128 > > starting benchmark... > spawning thread #0: 20 total client(s). 100 total requests > TLS Protocol: TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > Application protocol: h2 > .. > > finished in 86.23s, 11596.77 req/s, 2.90MB/s (...) > *group2:* > > h2load -n100 -c20 -m1 https://10.172.144.113:1999/128 --h1 > starting benchmark... > spawning thread #0: 20 total client(s). 100 total requests > TLS Protocol: TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > Application protocol: http/1.1 > .. > > finished in 73.72s, 13564.36 req/s, 4.42MB/s (...) > * group3:* > >h2load -n100 -c100 -m1 https://10.172.144.113:1999/128 --h1 >starting benchmark... >spawning thread #0: 100 total client(s). 100 total requests >TLS Protocol: TLSv1.2 >Cipher: ECDHE-RSA-AES256-GCM-SHA384 >Application protocol: http/1.1 >.. > >finished in 67.84s, 14739.69 req/s, 4.81MB/s (...) > *Is this phenomenon normal? Or my way of using is wrong?* "Normal" isn't the exact word, but I'd say reasonably expected however. The main difference between the H1 and H2 tests is that when H2 is used on the frontend, we can't yet reuse the connection on the backend, so you're working exactly in the same situation as if you were running with "option http-server-close". You may be interested in doing this test by the way, just to compare similar stuff. Willy
Re: haproxy http2 benchmark
Data flow is:
Client -> Haproxy > Nginx
Http2 Http1.1
2018-01-31 11:51 GMT+08:00 Igor Cicimov :
>
>
> On Wed, Jan 31, 2018 at 1:41 PM, 龙红波 wrote:
>
>> *hi all,*
>> *recently we are ready to upgrade to haproxy 1.8,however, when
>> testing HTTP2, we found a drop in performance,below is the test scenario:*
>> * haproxy version:*
>>
>> HA-Proxy version 1.8.3-205f675 2017/12/30
>> Copyright 2000-2017 Willy Tarreau
>>
>> Build options :
>>TARGET = linux2628
>> CPU = generic
>> CC = gcc
>> CFLAGS = -O2 -g -fno-strict-aliasing
>> -Wdeclaration-after-statement -fwrapv -Wno-unused-label
>> OPTIONS = USE_OPENSSL=1
>>
>> Default settings :
>> maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
>> maxpollevents = 200
>> Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
>> Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
>> OpenSSL library supports TLS extensions : yes
>> OpenSSL library supports SNI : yes
>> OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
>> Built with transparent proxy support using: IP_TRANSPARENT
>> IPV6_TRANSPARENT IP_FREEBIND
>> Encrypted password support via crypt(3): yes
>> Built with multi-threading support.
>> Built without PCRE or PCRE2 support (using libc's regex
>> instead)
>> Built without compression support (neither USE_ZLIB nor
>> USE_SLZ are set).
>> Compression algorithms supported : identity("identity")
>> Built with network namespace support.
>>
>> * haproxy config:*
>>
>> global
>> chroot /var/lib/haproxy
>> stats socket /run/haproxy/admin.sock mode 660 level admin
>> stats timeout 10s
>> user haproxy
>> group haproxy
>> maxconn 81920
>> daemon
>> tune.ssl.default-dh-param 2048
>> ssl-default-bind-options no-sslv3
>> ssl-default-bind-ciphers HIGH:!aNULL:!MD5:!ADH:!RC4
>> tune.ssl.lifetime 600s
>> tune.ssl.maxrecord 1500
>> tune.ssl.cachesize 20m
>> nbproc 1
>> tune.h2.max-concurrent-streams 500
>>
>> defaults
>> maxconn 81920
>> option clitcpka
>> option srvtcpka
>> option log-health-checks
>> option splice-auto
>> option http-keep-alive
>> option redispatch
>> no option http-buffer-request
>> timeout http-keep-alive 90s
>> backlog 8192
>> timeout connect 4000
>> timeout queue 90s
>> timeout check 5s
>> timeout client-fin 90s
>> timeout server-fin 90s
>> monitor-net 10.185.3.117/32
>> errorfile 400 /etc/haproxy/errors/400.http
>> errorfile 403 /etc/haproxy/errors/403.http
>> errorfile 408 /etc/haproxy/errors/408.http
>> errorfile 500 /etc/haproxy/errors/500.http
>> errorfile 503 /etc/haproxy/errors/503.http
>> errorfile 504 /etc/haproxy/errors/504.http
>>
>> backend 1999_8c78604d-287a-4f95-b216-40a568f06b77
>> option tcp-check
>> timeout check 2000
>> timeout server 90s
>> balance roundrobin
>> mode http
>> option httplog
>> no option splice-auto
>> server backserver-group-ins:10.172.114.50:000_
>> 10.172.114.50: check inter 5000 rise 2 fall 5weight 100
>> server backserver-group-ins:10.172.114.49:000_
>> 10.172.114.49: check inter 5000 rise 2 fall 5weight 100
>>
>> frontend 1999_da24bbd3-00b5-45ef-8bf4-32d05d417818
>> timeout client 90s
>> mode http
>> option dontlognull
>> no option splice-auto
>> bind :1999 mss 1360 ssl crt /etc/ssl/xip.io/xip.io.pem alpn h2
>> npn h2,http/1.1
>>
>> acl host_acl_0 hdr_reg(host) -i ^.*$
>> acl path_acl_0_0 path_reg -i /
>> use_backend 1999_8c78604d-287a-4f95-b216-40a568f06b77 if
>> host_acl_0 path_acl_0_0
>>
>> *Use h2load test, respectively, test http1.1 and http2, A total of three
>> sets of data,haproxy reached cpu 100%,*
>> * group 1:*
>>
>> h2load -n100 -c20 -m5 https://$0.172.144.113:1999/128
>>
>> starting benchmark...
>> spawning thread #0: 20 total client(s). 100 total requests
>> TLS Protocol: TLSv1.2
>> Cipher: ECDHE-RSA-AES256-GCM-SHA384
>> Application protocol: h2
>> ..
>>
>> finished in 86.23s, 11596.77 req/s, 2.90MB/s
>> requests: 100 total, 100 started, 100 done, 100
>> succeeded, 0 failed, 0 errored, 0 timeout
>> status codes: 100 2xx, 0 3xx, 0 4xx, 0 5xx
>>
>
Re: haproxy http2 benchmark
On Wed, Jan 31, 2018 at 1:41 PM, 龙红波 wrote:
> *hi all,*
> *recently we are ready to upgrade to haproxy 1.8,however, when testing
> HTTP2, we found a drop in performance,below is the test scenario:*
> * haproxy version:*
>
> HA-Proxy version 1.8.3-205f675 2017/12/30
> Copyright 2000-2017 Willy Tarreau
>
> Build options :
>TARGET = linux2628
> CPU = generic
> CC = gcc
> CFLAGS = -O2 -g -fno-strict-aliasing
> -Wdeclaration-after-statement -fwrapv -Wno-unused-label
> OPTIONS = USE_OPENSSL=1
>
> Default settings :
> maxconn = 2000, bufsize = 16384, maxrewrite = 1024,
> maxpollevents = 200
> Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
> Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
> Built with transparent proxy support using: IP_TRANSPARENT
> IPV6_TRANSPARENT IP_FREEBIND
> Encrypted password support via crypt(3): yes
> Built with multi-threading support.
> Built without PCRE or PCRE2 support (using libc's regex
> instead)
> Built without compression support (neither USE_ZLIB nor
> USE_SLZ are set).
> Compression algorithms supported : identity("identity")
> Built with network namespace support.
>
> * haproxy config:*
>
> global
> chroot /var/lib/haproxy
> stats socket /run/haproxy/admin.sock mode 660 level admin
> stats timeout 10s
> user haproxy
> group haproxy
> maxconn 81920
> daemon
> tune.ssl.default-dh-param 2048
> ssl-default-bind-options no-sslv3
> ssl-default-bind-ciphers HIGH:!aNULL:!MD5:!ADH:!RC4
> tune.ssl.lifetime 600s
> tune.ssl.maxrecord 1500
> tune.ssl.cachesize 20m
> nbproc 1
> tune.h2.max-concurrent-streams 500
>
> defaults
> maxconn 81920
> option clitcpka
> option srvtcpka
> option log-health-checks
> option splice-auto
> option http-keep-alive
> option redispatch
> no option http-buffer-request
> timeout http-keep-alive 90s
> backlog 8192
> timeout connect 4000
> timeout queue 90s
> timeout check 5s
> timeout client-fin 90s
> timeout server-fin 90s
> monitor-net 10.185.3.117/32
> errorfile 400 /etc/haproxy/errors/400.http
> errorfile 403 /etc/haproxy/errors/403.http
> errorfile 408 /etc/haproxy/errors/408.http
> errorfile 500 /etc/haproxy/errors/500.http
> errorfile 503 /etc/haproxy/errors/503.http
> errorfile 504 /etc/haproxy/errors/504.http
>
> backend 1999_8c78604d-287a-4f95-b216-40a568f06b77
> option tcp-check
> timeout check 2000
> timeout server 90s
> balance roundrobin
> mode http
> option httplog
> no option splice-auto
> server backserver-group-ins:10.172.114.50:000_
> 10.172.114.50: check inter 5000 rise 2 fall 5weight 100
> server backserver-group-ins:10.172.114.49:000_
> 10.172.114.49: check inter 5000 rise 2 fall 5weight 100
>
> frontend 1999_da24bbd3-00b5-45ef-8bf4-32d05d417818
> timeout client 90s
> mode http
> option dontlognull
> no option splice-auto
> bind :1999 mss 1360 ssl crt /etc/ssl/xip.io/xip.io.pem alpn h2
> npn h2,http/1.1
>
> acl host_acl_0 hdr_reg(host) -i ^.*$
> acl path_acl_0_0 path_reg -i /
> use_backend 1999_8c78604d-287a-4f95-b216-40a568f06b77 if
> host_acl_0 path_acl_0_0
>
> *Use h2load test, respectively, test http1.1 and http2, A total of three
> sets of data,haproxy reached cpu 100%,*
> * group 1:*
>
> h2load -n100 -c20 -m5 https://$0.172.144.113:1999/128
>
> starting benchmark...
> spawning thread #0: 20 total client(s). 100 total requests
> TLS Protocol: TLSv1.2
> Cipher: ECDHE-RSA-AES256-GCM-SHA384
> Application protocol: h2
> ..
>
> finished in 86.23s, 11596.77 req/s, 2.90MB/s
> requests: 100 total, 100 started, 100 done, 100
> succeeded, 0 failed, 0 errored, 0 timeout
> status codes: 100 2xx, 0 3xx, 0 4xx, 0 5xx
>
>
> *group2:*
>
> h2load -n100 -c20 -m1 https://10.172.144.113:1999/128 --h1
> starting benchmark...
> spawning thread #0: 20 total client(s). 100 total requests
> TLS Protocol: TLSv1.2
> Cipher: ECDHE-RSA-AES256-GCM-S
