You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Walter, Oliver (BR/ICA5)" <Ol...@boschrexroth.de> on 2005/09/20 19:18:14 UTC

[users@httpd] Serious Performance Issues

Hello list,

we have serious performance issues running apache 1.3.26 with ssl. Maybe
someone here has a hint we can do.

We are running a cluster with 2 HP DL380 with Dual CPU an 512 MB Ram. The
operating system is Debian Linux with Linux Virtual Server module ip_vs_wrr
on Port 80. HTTPS request are processed only on one node.

We use the server in 3 ways:

1. reverse proxy for several application server
2. with mod_caucho for the jsp delivery 
3. webserver for static content

The server load is mostly around 1 - 1.5. The server is not swapping.

18:39:59 up 201 days, 23:07,  2 users,  load average: 0.74, 0.57, 0.66
86 processes: 83 sleeping, 2 running, 1 zombie, 0 stopped
CPU states:  16.9% user,  27.8% system,   0.0% nice,  55.3% idle
Mem:    517304K total,   468792K used,    48512K free,   184156K buffers
Swap:  4048992K total,     1576K used,  4047416K free,   120996K cached

We found out, that we have a lot of connection in close_wait state 
the several backend systems (mod_caucho -> resin).

netstat | grep CLOSE_WAIT 
...
tcp        1      0 bridge15:3157           bridge28:6803           CLOSE_WAIT
tcp        1      0 bridge15:1912           bridge28:6803           CLOSE_WAIT

netstat | grep CLOSE_WAIT | wc -l
   1340

If they get to high (~4000), apache isn´t able to process any request anymore
(error_log):

[Tue Sep 20 15:15:10 2005] [error] [client xx.xx.xx.xx] (11)Resource temporarily 
unavailable: proxy connect to xxx.xxx.xxx.xxx port 80 failed

or

[Tue Sep 20 15:07:20 2005] [error] [client xx.xx.xx.xx] (111)Connection refused: 
proxy connect to xxx.xxx.xxx.xxx port 80 failed

We also can find a lot of the follwing error in the log:

[Tue Sep 20 15:03:34 2005] [error] mod_ssl: SSL handshake interrupted by system 
[Hint: Stop button pressed in browser?!] (System error follows)
[Tue Sep 20 15:03:34 2005] [error] System: Connection reset by peer (errno: 104)

I think too much for canceled browser actions.

We already changed the value for timeout_closewait from 60 to 30, which reduced 
the above mentioned connections, but did not achive any performance increase. The 
only thing was, that the proxy errors stopped.

HTTPS request are still very poor, even if almost nobody is browsing our website.

Any ideas what the problem could be, or where we can take another look?

Best regards

Oliver Walter (BR/ICA5)

Zentrale Informationsverarbeitung
Bosch Rexroth AG
The Drive & Control Company
Sandweg 45
D-97737 Gemünden-Langenprozelten
phone: +49(0)9352-18-3977
fax:   +49(0)9352-18-3985
mailto:oliver.walter@boschrexroth.de
http://www.boschrexroth.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Serious Performance Issues

Posted by allan juul <al...@muly.dk>.

Walter, Oliver (BR/ICA5) wrote:

i am no expert, but maybe you could post a snippet of your ssl.conf ?

on windows we experimented a lot with the ssl caching schemes which had 
a great influence on ssl performance. also the keepalive setting is 
important

have you actually measured/debugged ssl-handshake with openssl?

something like :

  $ openssl s_time -connect IP-address:443/somepath -time 60਀

or maybe it's just something with a very deep certificate ca chain ?

or ...

./allan

> Hello list,
> 
> we have serious performance issues running apache 1.3.26 with ssl. Maybe
> someone here has a hint we can do.
> 
> We are running a cluster with 2 HP DL380 with Dual CPU an 512 MB Ram. The
> operating system is Debian Linux with Linux Virtual Server module ip_vs_wrr
> on Port 80. HTTPS request are processed only on one node.
> 
> We use the server in 3 ways:
> 
> 1. reverse proxy for several application server
> 2. with mod_caucho for the jsp delivery 
> 3. webserver for static content
> 
> The server load is mostly around 1 - 1.5. The server is not swapping.
> 
> 18:39:59 up 201 days, 23:07,  2 users,  load average: 0.74, 0.57, 0.66
> 86 processes: 83 sleeping, 2 running, 1 zombie, 0 stopped
> CPU states:  16.9% user,  27.8% system,   0.0% nice,  55.3% idle
> Mem:    517304K total,   468792K used,    48512K free,   184156K buffers
> Swap:  4048992K total,     1576K used,  4047416K free,   120996K cached
> 
> We found out, that we have a lot of connection in close_wait state 
> the several backend systems (mod_caucho -> resin).
> 
> netstat | grep CLOSE_WAIT 
> ...
> tcp        1      0 bridge15:3157           bridge28:6803           CLOSE_WAIT
> tcp        1      0 bridge15:1912           bridge28:6803           CLOSE_WAIT
> 
> netstat | grep CLOSE_WAIT | wc -l
>    1340
> 
> If they get to high (~4000), apache isn´t able to process any request anymore
> (error_log):
> 
> [Tue Sep 20 15:15:10 2005] [error] [client xx.xx.xx.xx] (11)Resource temporarily 
> unavailable: proxy connect to xxx.xxx.xxx.xxx port 80 failed
> 
> or
> 
> [Tue Sep 20 15:07:20 2005] [error] [client xx.xx.xx.xx] (111)Connection refused: 
> proxy connect to xxx.xxx.xxx.xxx port 80 failed
> 
> We also can find a lot of the follwing error in the log:
> 
> [Tue Sep 20 15:03:34 2005] [error] mod_ssl: SSL handshake interrupted by system 
> [Hint: Stop button pressed in browser?!] (System error follows)
> [Tue Sep 20 15:03:34 2005] [error] System: Connection reset by peer (errno: 104)
> 
> I think too much for canceled browser actions.
> 
> We already changed the value for timeout_closewait from 60 to 30, which reduced 
> the above mentioned connections, but did not achive any performance increase. The 
> only thing was, that the proxy errors stopped.
> 
> HTTPS request are still very poor, even if almost nobody is browsing our website.
> 
> Any ideas what the problem could be, or where we can take another look?
> 
> Best regards
> 
> Oliver Walter (BR/ICA5)
> 
> Zentrale Informationsverarbeitung
> Bosch Rexroth AG
> The Drive & Control Company
> Sandweg 45
> D-97737 Gemünden-Langenprozelten
> phone: +49(0)9352-18-3977
> fax:   +49(0)9352-18-3985
> mailto:oliver.walter@boschrexroth.de
> http://www.boschrexroth.com
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org