[lvs-users] https slow using LVS-NAT

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] https slow using LVS-NAT
From: Dirk Bonenkamp - Bean IT <dirk@xxxxxxxxxx>
Date: Thu, 14 Oct 2010 10:32:10 +0200
 Hi All,

I'm having some trouble with https over LVS-NAT. In short: it works, but
it is slow. Much slower than http.

My setup (only one real server for debugging purposes, this should also
eliminate the persistence things with https): - Director - -----> - real server

ipvsadm -Ln output:
TCP rr
  ->                 Masq    1      0          0
TCP rr
  ->                Masq    1      0          0

No iptables or other 'strange' stuff. All servers are Unbuntu 10.04
fresh install.

Some figures (trough the director):

ab -c 5 -n 100
0.08 seconds

ab -c 5 -n 100
6.5 seconds

Directly to the real server (from an other machine in the

ab -c 5 -n 100
0.015 seconds

ab -c 5 -n 100
0.6 seconds

https is about 40 times slower than http when used directly, but about
80 times slower trough LVS. I expected a performance penalty for using
LVS, but also expected this to be (roughly) the same for a different TCP

The SSL certificate used is a self signed one, not al really valid one.
But this certificate is invalid for both situations (direct and trough
the director).

Any ideas on what I'm missing here..?


Kind regards,


Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>