Thanks Daniel for your quick response
I agree with all your statements about ancient versions and keep-alives.
Regarding throwing more threads at the problem. I attempted to set:
int maxThreads = 500;
ThreadingParameters threadingParameters = new ThreadingParameters();
threadingParameters.setMaxThreads(maxThreads);
threadingParameters.setMinThreads(maxThreads / 2);
However this didn't really change my performance profile. It seems that
these threads are post-negotiation. Is there a knob that I can turn to
change the number of acceptor threads in order to multi thread negotiation?
On Mon, Oct 21, 2013 at 10:59 AM, Daniel Kulp <[email protected]> wrote:
>
> On Oct 21, 2013, at 12:38 PM, Brett Humphreys <[email protected]>
> wrote:
>
> > Hi all,
> > This may be a bit off the wall, but I'm trying to squeeze out the most
> > performance out of Jetty that I can. However I have some constraints
> that
> > I can't change in the near term. Specifically:
> >
> > 1. I'm using a relatively ancient version of CXF (2.2.12)
> > 2. I'm *not* using keep-alive
> >
> > What I'd like to reach is about 180 SOAP operations per second (OPS) on
> > this jetty server, which is simulating a 3rd party server. It seems that
> > it takes Jetty ~350ms to negotiate the SSL connection. So what I'm
> seeing
> > is I get about 3 (technically 2.96 consistently) SOAP OPS with the Jetty
> > instance. If I turn on keep-alives, then my performance goes through the
> > roof (I see it take about ~20ms, but I think this is multithreaded) to
> > about 150 SOAP OPS.
> >
> > So without any heroics, is there a way that I can push jetty to get
> better
> > performance without setting keep-alives to true on my client?
>
> Likely not. SSL connections are very expensive to setup and create.
> As you see, 350ms is likely about right for negotiating the SSL connection.
> When using HTTPs, you really need to use Keep-Alives.
>
> Also, with CXF version that old, you're likely using the old old version
> of Jetty that doesn't use NIO for the SSL connectors. Thus, the Jetty
> threads are blocked throughout that process. Throwing more threads at it
> to allow additional simultaneous negotiations may help a little, but
> definitely not an ideal situation.
>
> I definitely suggest updating to a newer CXF (and newer Jetty). The
> newer Jetty has much better threading controls and defaults that would at
> least allow additional simultaneous connections.
>
> Dan
>
>
>
> > The reason for lack of keep alive connections is I'm trying to make sure
> > that under load I can still negotiate the SSL connections. Since I talk
> to
> > third parties through this interface I don't want to assume they'll have
> > keep-alives turned on.
> >
> > FWIW, I also have client authentication turned on.
> >
> > Here's some relevant config about my server:
> >
> > ClientAuthentication clientAuth = new ClientAuthentication();
> > clientAuth.setRequired(true);
> > clientAuth.setWant(true);
> >
> > I'm using very small keystores and truststores (1-2 entries each). And I
> > have the TLS cipher suites limited to a dozen or so trusted cipher
> suites.
> >
> > Thanks!
> >
> > Brett Humphreys
>
> --
> Daniel Kulp
> [email protected] - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
>
--
Brett Humphreys | Software Engineer, Carrier Billing Technical Lead |
[email protected] | 720-663-9479
