Re: [users@httpd] Serious Performance Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Walter, Oliver (BR/ICA5) wrote:

i am no expert, but maybe you could post a snippet of your ssl.conf ?

on windows we experimented a lot with the ssl caching schemes which had a great influence on ssl performance. also the keepalive setting is important

have you actually measured/debugged ssl-handshake with openssl?

something like :

 $ openssl s_time -connect IP-address:443/somepath -time 60਀

or maybe it's just something with a very deep certificate ca chain ?

or ...

./allan

Hello list,

we have serious performance issues running apache 1.3.26 with ssl. Maybe
someone here has a hint we can do.

We are running a cluster with 2 HP DL380 with Dual CPU an 512 MB Ram. The
operating system is Debian Linux with Linux Virtual Server module ip_vs_wrr
on Port 80. HTTPS request are processed only on one node.

We use the server in 3 ways:

1. reverse proxy for several application server
2. with mod_caucho for the jsp delivery 3. webserver for static content

The server load is mostly around 1 - 1.5. The server is not swapping.

18:39:59 up 201 days, 23:07,  2 users,  load average: 0.74, 0.57, 0.66
86 processes: 83 sleeping, 2 running, 1 zombie, 0 stopped
CPU states:  16.9% user,  27.8% system,   0.0% nice,  55.3% idle
Mem:    517304K total,   468792K used,    48512K free,   184156K buffers
Swap:  4048992K total,     1576K used,  4047416K free,   120996K cached

We found out, that we have a lot of connection in close_wait state the several backend systems (mod_caucho -> resin).

netstat | grep CLOSE_WAIT ...
tcp        1      0 bridge15:3157           bridge28:6803           CLOSE_WAIT
tcp        1      0 bridge15:1912           bridge28:6803           CLOSE_WAIT

netstat | grep CLOSE_WAIT | wc -l
   1340

If they get to high (~4000), apache isn´t able to process any request anymore
(error_log):

[Tue Sep 20 15:15:10 2005] [error] [client xx.xx.xx.xx] (11)Resource temporarily unavailable: proxy connect to xxx.xxx.xxx.xxx port 80 failed

or

[Tue Sep 20 15:07:20 2005] [error] [client xx.xx.xx.xx] (111)Connection refused: proxy connect to xxx.xxx.xxx.xxx port 80 failed

We also can find a lot of the follwing error in the log:

[Tue Sep 20 15:03:34 2005] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Tue Sep 20 15:03:34 2005] [error] System: Connection reset by peer (errno: 104)

I think too much for canceled browser actions.

We already changed the value for timeout_closewait from 60 to 30, which reduced the above mentioned connections, but did not achive any performance increase. The only thing was, that the proxy errors stopped.

HTTPS request are still very poor, even if almost nobody is browsing our website.

Any ideas what the problem could be, or where we can take another look?

Best regards

Oliver Walter (BR/ICA5)

Zentrale Informationsverarbeitung
Bosch Rexroth AG
The Drive & Control Company
Sandweg 45
D-97737 Gemünden-Langenprozelten
phone: +49(0)9352-18-3977
fax:   +49(0)9352-18-3985
mailto:oliver.walter@xxxxxxxxxxxxxxx
http://www.boschrexroth.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux