ssl benchmarks with and without nginx
Maxim Dounin
mdounin at mdounin.ru
Mon Sep 19 22:20:14 UTC 2011
Hello!
On Mon, Sep 19, 2011 at 09:56:19PM +0200, Aleksandar Lazic wrote:
> Dear Reader,
>
> today on the haproxy list was this link posted
>
> http://blog.exceliance.fr/2011/09/16/benchmarking_ssl_performance/
>
> I have asked why they not have tried to use nginx the answer was another
> link
>
> http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html
>
> Maybe someone can verify if there is really a problem in nginx or this
> difference is due to the fact that nginx is a REAL Webserver and the
> other both 'only' SSL-Terminator.
The main problem I see is nginx configuration. By default nginx
is configured to handle real-word load, not for ssl session
microbenchmarks. And the config used in particular test makes
things even worse due to "multi_accept on" used. For
microbenchmarking ssl one want to use
events {
accept_mutext off;
multi_accept off;
...
}
to ensure better distribution of connections between worker
processes, this should resolve observed latency issues.
Maxim Dounin
p.s. Stunnel in the same test was obviously benchmarked with
non-threaded OpenSSL, and that's why it doesn't scale to multiple
CPUs. With properly compiled OpenSSL it will scale fine.
More information about the nginx
mailing list