You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2015/07/06 14:03:06 UTC

[jira] [Comment Edited] (TS-3714) TS seems to stall between ua_begin and ua_first_read on some transactions resulting in high response times.

    [ https://issues.apache.org/jira/browse/TS-3714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14614870#comment-14614870 ] 

Susan Hinrichs edited comment on TS-3714 at 7/6/15 12:02 PM:
-------------------------------------------------------------

I think this change needs evaluation in the 5.3/6.0 code base, and so should be rolled back for the time being.  The handshake handling code changed with 5.2.  And we tracked down some similar issues with that code in TS-3424. I think it would also be useful to separate the accept thread fix which by my reading of the comments here is not ssl-related.

I spent time this weekend and the end of last week trying to reproduce the SSL_read over-read described in http://openssl.6102.n7.nabble.com/non-blocking-SSL-read-API-problem-td37403.html.  I assume that this was only a concern in over-reading on the handshake based on the proposed fix.  I created a test client https://github.com/shinrich/ats-test, which uses ssl-session reuse to create a situation where it is likely that ATS reads the first packet of the data exchange with the last packet of the handshake from the client.  I verified that this over-read happens with fair frequency based on looking at wireshark packet captures and by the insertion of a debug message in the 6.0 code base.

The client makes a regular SSL-based HTTPS request.  Then it harvests the SSL_SESSION and uses it to launch 100 threads making a session-reuse SSL handhshake and HTTPS request.  

I ran the client in loops for quite a while against open source versions of 5.0.x, 5.3.x, 6.0.0, and my version of master (before the introduction of the changes on this issue).  In earlier versions of the test client, I thought that I saw client stall more against the 5.0.x version of ATS, but once I fixed errors in the ats-test client, I no longer saw those errors.  

I don't doubt that there is an error, but it more subtle than a straightforward SSL_read over-read on handhshake.

[~sudheerv] how are you catching the problem in production?  Via slow logs?  What kind of traffic are you seeing?  Mostly posts?  Large responses?  Would it be possible for you to test with 5.3.0?  


was (Author: shinrich):
I think this change needs evaluation in the 5.3/6.0 code base, and so should be rolled back for the time being.   I think it would also be useful to separate the accept thread fix which by my reading of the comments here is not ssl-related.

I spent time this weekend and the end of last week trying to reproduce the SSL_read over-read described in http://openssl.6102.n7.nabble.com/non-blocking-SSL-read-API-problem-td37403.html.  I assume that this was only a concern in over-reading on the handshake based on the proposed fix.  I created a test client https://github.com/shinrich/ats-test, which uses ssl-session reuse to create a situation where it is likely that ATS reads the first packet of the data exchange with the last packet of the handshake from the client.  I verified that this over-read happens with fair frequency based on looking at wireshark packet captures and by the insertion of a debug message in the 6.0 code base.

The client makes a regular SSL-based HTTPS request.  Then it harvests the SSL_SESSION and uses it to launch 100 threads making a session-reuse SSL handhshake and HTTPS request.  

I ran the client in loops for quite a while against open source versions of 5.0.x, 5.3.x, 6.0.0, and my version of master (before the introduction of the changes on this issue).  In earlier versions of the test client, I thought that I saw client stall more against the 5.0.x version of ATS, but once I fixed errors in the ats-test client, I no longer saw those errors.  

I don't doubt that there is an error, but it more subtle than a straightforward SSL_read over-read on handhshake.

[~sudheerv] how are you catching the problem in production?  Via slow logs?  What kind of traffic are you seeing?  Mostly posts?  Large responses?  Would it be possible for you to test with 5.3.0?  

> TS seems to stall between ua_begin and ua_first_read on some transactions resulting in high response times.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: TS-3714
>                 URL: https://issues.apache.org/jira/browse/TS-3714
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 5.3.0
>            Reporter: Sudheer Vinukonda
>            Assignee: Sudheer Vinukonda
>             Fix For: 6.0.0
>
>
> An example slow log showing very high *ua_first_read*.
> {code}
> ERROR: [8624075] Slow Request: client_ip: xx.xx.xx.xxx url: http://xxxxxxxxxxxxxxxxxx.... status: 200 unique id: bytes: 86 fd: 0 client state: 0 serv
> er state: 9 ua_begin: 0.000 ua_first_read: 42.224 ua_read_header_done: 42.224 cache_open_rea
> d_begin: 42.224 cache_open_read_end: 42.224 dns_lookup_begin: 42.224 dns_lookup_end: 42.224
> server_connect: 42.224 server_first_read: 42.229 server_read_header_done: 42.229 server_clos
> e: 42.229 ua_begin_write: 42.229 ua_close: 42.229 sm_finish: 42.229
> {code}
> Initially, I suspected that it might be caused by browser's connecting early before sending any bytes to TS. However, this seems to be happening too frequently and with unrealistically high delay between *ua_begin* and *ua_first_read*.
> I suspect it's caused due to the code that disables the read temporarily before calling *TXN_START* hook and re-enables it after the API call out. The read disable is done via a 0-byte *do_io_read* on the client vc, but, the problem is that a valid *mbuf* is still passed. Based on what I am seeing, it's possible this results in actually enabling the *read_vio* all the way uptil *ssl_read_from_net* for instance (if there's a race condition and there were bytes already from the client resulting in an epoll read event), which would finally disable the read since, the *ntodo* (nbytes) is 0. However, this may result in the epoll event being lost until a new i/o happens from the client. I'm trying out further experiments to confirm the theory. In most cases, the read buffer already has some bytes by the time the http session and http sm is created, which makes it just work. But, if there's a slight delay in the receiving bytes after making a connection, the epoll mechanism should read it, but, due to the way the temporary read disable is being done, the event may be lost (this is coz, ATS uses the epoll edge triggered mode).
> Some history on this issue - 
> This issue has been a problem for a long time and affects both http and https requests. When this issue was first reported, our router operations team eventually closed it indicating that disabling *accept* threads resolved it ([~yzlai] also reported similar observations and conclusions). It's possible that the race condition window may be slightly reduced by disabling accept threads, but, to the overall performance and through put, accept threads are very important. I now notice that the issue still exists (regardless of whether or not accept threads are enabled/disabled) and am testing further to confirm the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)