Re: Slow SSL

[LVS@xxxxxxxxx]

Horms wrote:

> On Mon, Feb 21, 2005 at 09:46:47PM -0600, Jeff Royal wrote:
>  
>
> > I've added an SSL server to my realserver list.
> > Here is an example of my ldirectord.cf
> >
> > # Global Directives
> > checktimeout=20
> > checkinterval=10
> > logfile="/var/log/ldirectord.log"
> > quiescent=no
> >
> > # Virtual Server for HTTP
> > virtual=192.168.22.41:80
> >        real=lweb1:80 masq
> >        real=lweb2:80 masq
> >        fallback=192.168.22.70:80
> >        service=http
> >        request="/us/index.jsp"
> >        receive="working"
> >        scheduler=wlc
> >        persistent=1800
> >        netmask=255.255.255.0
> >        protocol=tcp
> >        checktype=negotiate
> >
> > # Virtual Server for HTTPS
> > virtual=192.168.22.41:443
> >        real=lweb3:443 masq
> >        service=https
> >        request="/test.ipage"
> >        receive="working"
> >        scheduler=wlc
> >        persistent=1800
> >        protocol=tcp
> >        checktype=negotiate
> >
> > I can get to the server through https:// but the pages load very slowly 
> > (~2 minutes compared to 4 seconds if I go directly to the realserver 
> > address)
> > I'm not sure where to start, as it works.
> >    
> Try using something like tcpdump or ethereal to trace the packets on the
> network and see what is going on.
>
>  
Thanks!!
FIXED!!

Looking at a tcpdump I was able to see that during the load of the page 
there were requests made to HTTP.
Working with the developers we found some code that was hard coded to 
port 80.  Removing that hard code the pages flew...
Last question.  There was a 20 second lag (looking at the tcpdump) each 
time one of these (http) requests  were made.
When one of these requests were made the LB had to switch to another 
machine (as HTTP was not sent to this machine).
Was the fact that we have a persistence setting causing the 20 second 
lag or was the delay strictly in our Java application?
I ask because I don't know if the 20 second "checktimeout" setting was 
just a coincidence.