nginx KTLS and HTTP/2 performance degradation

Maxim Dounin mdounin at mdounin.ru
Thu Dec 2 13:07:29 UTC 2021


Hello!

On Thu, Dec 02, 2021 at 02:05:52PM +0200, Lyuben Stoev wrote:

> Hello,
>      I have tested the nginx with the patch 
> https://hg.nginx.org/nginx/rev/65946a191197 (SSL: SSL_sendfile() support 
> with kernel TLS.) following the nginx blog article 
> https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/ 
> And it sort of works, but I have bad performance when making HTTP/2 
> requests. If I made a HTTP/1.1 request there is 30-35% increase in 
> performance as the Nginx blog article stated, but when I changed the 
> request to use HTTP/2 the request was 40% slower than an ordinary nginx 
> without KTLS enabled. Does anyone have such perfomance degradation with 
> nginx KTLS and HTTP/2? I am using generic setup - Ubuntu 20.04.3 LTS and 
> kernels 5.8.0-63-generic (the same results are with 5.4.0-91-generic). 
> The nginx vritual host is the same as in the Nginx blog article with 
> exception of adding http2 to the listen! OpenSSL 3.0.0 and nginx 1.21.4 
> are used.
> The KTLS seems to work, because the strace and debug logs show it. Just 
> the sstrange thing is when using HTTP2, the sendfile syscalls look:
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1418218] => [1426410], 8192) = 8192
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1426410] => [1434602], 8192) = 8192
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1434602] => [1442794], 8192) = 8192
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1442794] => [1450986], 8192) = 8192
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1450986] => [1459178], 8192) = 8192
>      write(39, "\0 \0\0\0\0\0\0\1", 9)       = 9
>      sendfile(39, 131, [1459178] => [1467370], 8192) = 8192
> 
> It is always 8K and there are thousands of sendfile syscalls....

That's expected, because of HTTP/2 framing.  Unfortunately, HTTP/2 
isn't designed to work with sendfile(), and sending large files 
over HTTP/2 require a lot of sendfile() syscalls.  In general, for 
HTTP/2 it is better to keep sendfile() disabled.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx-devel mailing list