You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/07/06 03:02:48 UTC
[GitHub] [incubator-apisix] membphis opened a new issue #1804: performance: spend more time on ssl handshake
membphis opened a new issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804
tools: siege
```shell
# cat siegerc
verbose = true
quiet = false
gmethod = GET
limit = 500
show-logfile = true
logging = true
protocol = HTTP/1.1
chunked = true
cache = false
connection = close
concurrent = 100
time =1M
url =https://test.me/test.json
delay = 1
expire-session =false
internet = false
benchmark = true
accept-encoding = gzip
url-escaping = true
spinner = true
unique = true
siege -q -R ./siegerc
```
the response of `https://test.me/test.json`:
```json
{"test":
[{"level":"info","ts":"2020-06-12T14:41:57.133+0800","caller":"raft/raft.go:811","msg":"9957321eb5db8bba [logterm: 918, index: 319] sent MsgVote request to 60921c4b9b6be29d at term 921"},
{"level":"info","ts":"2020-06-12T14:41:57.133+0800","caller":"raft/raft.go:923","msg":"9957321eb5db8bba is starting a new election at term 921"},
{"level":"info","ts":"2020-06-12T14:41:57.133+0800","caller":"raft/raft.go:713","msg":"9957321eb5db8bba became candidate at term 922"},
{"level":"info","ts":"2020-06-12T14:41:57.133+0800","caller":"raft/raft.go:824","msg":"9957321eb5db8bba received MsgVoteResp from 9957321eb5db8bba at term 922"},
{"level":"info","ts":"2020-06-12T14:41:57.133+0800","caller":"raft/raft.go:811","msg":"9957321eb5db8bba [logterm: 918, index: 319] sent MsgVote request to 45f6f42f21825e6b at term 922"},
{"level":"info","ts":"2020-06-12T14:41:57.148+0800","caller":"raft/raft.go:811","msg":"9957321eb5db8bba [logterm: 918, index: 319] sent MsgVote request to 60921c4b9b6be29d at term 922"}]
}
```
flame graph:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] spacewander edited a comment on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
spacewander edited a comment on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-655233980
As the TLS session ticket is enabled since TLS 1.0, is it worthwhile to implement server side session reuse mechanism for old clients? Maybe we can suspend it until someone requires (or pays) for it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] UnderTreeTech commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
UnderTreeTech commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-659175368
Any updates? @membphis @moonming
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-654028841
We need to limit the speed of the SSL handshake and control it at a suitable frequency.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-654028330
I tested it on my local computer and reproduced the problem.
Here is the flame graph of `no-reuse-session`:
[perf-no-reuse-session.svg.zip](https://github.com/apache/incubator-apisix/files/4876949/perf-no-reuse-session.svg.zip)
Here is the flame graph of `reuse-session`:
[perf-reuse-session.svg.zip](https://github.com/apache/incubator-apisix/files/4876951/perf-reuse-session.svg.zip)
When we enabled `reuse-session`, QPS increased by 10 times.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis edited a comment on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
membphis edited a comment on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-654028330
I tested it on my local computer and reproduced the problem.
Here is the flame graph of `no-reuse-session`:
[perf-no-reuse-session.svg.zip](https://github.com/apache/incubator-apisix/files/4876949/perf-no-reuse-session.svg.zip)
Here is the flame graph of `reuse-session`:
[perf-reuse-session.svg.zip](https://github.com/apache/incubator-apisix/files/4876951/perf-reuse-session.svg.zip)
When we enabled `reuse-session`, QPS increased by 10 times.
My test code:
```lua
local sess = true
local function test()
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 9443)
if not ok then
ngx.say("failed to connect to test.com: ", err)
return
end
sess, err = sock:sslhandshake(sess, "test.com")
if not sess then
ngx.say("failed to do SSL handshake: ", err)
return
end
-- ngx.say("ssl handshake: ", type(sess))
local req = "GET /index.html HTTP/1.1\r\nHost: test.com\r\nConnection: keepalive\r\n\r\n"
local bytes, err = sock:send(req)
if not bytes then
ngx.say("failed to send http request: ", err)
return
end
local line, err = sock:receive()
if not line then
ngx.say("failed to receive response status line: ", err)
return
end
-- ngx.say("received: ", line)
local ok, err = sock:close()
-- ngx.say("close: ", ok, " ", err)
end
for i = 1, 1000 * 100 do
test()
end
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] spacewander commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-655233980
As the TLS session ticket is enabled since TLS 1.1, is it worthwhile to implement server side session reuse mechanism for old clients? Maybe we can suspend it until someone requires (or pays) for it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-659847058
1. Add speed limit method in the handshake phase, related issue: https://github.com/apache/incubator-apisix/issues/1858
2. The client support reuse session or ticket. the APISIX has supported to store/fetch the old session now. but for `ticket` session, APISIX does not support now, related issue: https://github.com/apache/incubator-apisix/issues/1859
welcome PR
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] moonming commented on issue #1804: performance: spend more time on ssl handshake
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #1804:
URL: https://github.com/apache/incubator-apisix/issues/1804#issuecomment-654064201
the steps to get flame graph by `perf`:
```
sudo perf record --call-graph dwarf -p `pid`
```
```
sudo perf script -i perf.data &> perf.unfold
```
```
git clone https://github.com/brendangregg/FlameGraph.git
./FlameGraph/stackcollapse-perf.pl perf.unfold &> perf.folded
./FlameGraph/flamegraph.pl perf.folded > perf.svg
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org