|
Hi All,
I'm having some trouble with https over LVS-NAT. In short: it works, but
it is slow. Much slower than http.
My setup (only one real server for debugging purposes, this should also
eliminate the persistence things with https):
192.168.1.222 - Director - 10.0.0.2 -----> 10.0.0.30 - real server
ipvsadm -Ln output:
TCP 192.168.1.222:80 rr
-> 10.0.0.30:80 Masq 1 0 0
TCP 192.168.1.222:443 rr
-> 10.0.0.30:443 Masq 1 0 0
No iptables or other 'strange' stuff. All servers are Unbuntu 10.04
fresh install.
Some figures (trough the director):
ab -c 5 -n 100 http://192.168.1.222/ldirector.html
0.08 seconds
ab -c 5 -n 100 https://192.168.1.222/ldirector.html
6.5 seconds
Directly to the real server (from an other machine in the 10.0.0.0/24
range):
ab -c 5 -n 100 http://10.0.0.30/ldirector.html
0.015 seconds
ab -c 5 -n 100 https://10.0.0.30/ldirector.html
0.6 seconds
https is about 40 times slower than http when used directly, but about
80 times slower trough LVS. I expected a performance penalty for using
LVS, but also expected this to be (roughly) the same for a different TCP
protocols.
The SSL certificate used is a self signed one, not al really valid one.
But this certificate is invalid for both situations (direct and trough
the director).
Any ideas on what I'm missing here..?
Thanks!
Kind regards,
Dirk
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
