Large latency increase when using a resolver for proxy_pass

user384829 nginx-forum at forum.nginx.org
Wed Mar 1 12:32:03 UTC 2017 

Hi,
I am wanting to resolve upstream hostnames used for proxy_pass inline with
the TTL of the DNS record but when I add this configuration the response
from nginx is MUCH slower.
I've run tcpdump and the upstream DNS record is be resolved and reresolved
as TTL would dictate.
But requests are slower even when the TTL has not expired and nginx is not
attempting to resolve the record.

The difference is quite large: 0.3s vs 1s.

Measured like this:
curl -w "%{response_code} %{time_total}\n" -s -o /dev/null
'http://my_nginx_host/api/something_something


== Slow Configuration ===

resolver                  8.8.8.8 8.8.4.4 ipv6=off;
server {
    listen              80;
    set $upstream_host https://my.upstream-host.com;
    location ~ /api/ {
        rewrite               /api/(.*) /$1 break;
        proxy_pass            $upstream_host;
    }
}

And tcpdump:
12:56:16.697158 IP 10.180.32.6.19343 > 10.76.8.92.80: Flags [P.], seq
2024041718:2024042038, ack 2611558079, win 4136, options [nop,nop,TS val
829926189 ecr 2513956729], length 320: HTTP: GET /api/something_something
HTTP/1.1
12:56:16.697175 IP 10.76.8.92.80 > 10.180.32.6.19343: Flags [.], ack 320,
win 229, options [nop,nop,TS val 2513956752 ecr 829926189], length 0
12:56:16.697287 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [S], seq
239123061, win 28400, options [mss 1420,sackOK,TS val 2513956752 ecr
0,nop,wscale 7], length 0
12:56:16.841393 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [S.], seq
2824997386, ack 239123062, win 28960, options [mss 1460,sackOK,TS val
1717524764 ecr 2513956752,nop,wscale 5], length 0
12:56:16.841423 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [.], ack 1,
win 222, options [nop,nop,TS val 2513956896 ecr 1717524764], length 0
12:56:16.841585 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [P.], seq
1:290, ack 1, win 222, options [nop,nop,TS val 2513956896 ecr 1717524764],
length 289
12:56:16.985287 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [.], ack 290,
win 939, options [nop,nop,TS val 1717524908 ecr 2513956896], length 0
12:56:16.985428 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [P.], seq
1:4097, ack 290, win 939, options [nop,nop,TS val 1717524908 ecr
2513956896], length 4096
12:56:16.985442 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [.], ack
4097, win 286, options [nop,nop,TS val 2513957040 ecr 1717524908], length 0
12:56:16.986672 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [P.], seq
4097:4736, ack 290, win 939, options [nop,nop,TS val 1717524909 ecr
2513956896], length 639
12:56:16.986679 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [.], ack
4736, win 308, options [nop,nop,TS val 2513957041 ecr 1717524909], length 0
12:56:16.987530 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [P.], seq
290:416, ack 4736, win 308, options [nop,nop,TS val 2513957042 ecr
1717524909], length 126
12:56:17.131482 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [P.], seq
4736:4962, ack 416, win 939, options [nop,nop,TS val 1717525054 ecr
2513957042], length 226
12:56:17.131714 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [P.], seq
416:779, ack 4962, win 330, options [nop,nop,TS val 2513957186 ecr
1717525054], length 363
12:56:17.315103 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [.], ack 779,
win 972, options [nop,nop,TS val 1717525238 ecr 2513957186], length 0
12:56:17.649290 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [P.], seq
4962:5766, ack 779, win 972, options [nop,nop,TS val 1717525572 ecr
2513957186], length 804
12:56:17.649310 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [P.], seq
5766:5797, ack 779, win 972, options [nop,nop,TS val 1717525572 ecr
2513957186], length 31
12:56:17.649366 IP 23.210.228.34.443 > 10.76.8.92.48696: Flags [F.], seq
5797, ack 779, win 972, options [nop,nop,TS val 1717525572 ecr 2513957186],
length 0
12:56:17.649377 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [.], ack
5797, win 352, options [nop,nop,TS val 2513957704 ecr 1717525572], length 0
12:56:17.649566 IP 10.76.8.92.48696 > 23.210.228.34.443: Flags [F.], seq
779, ack 5798, win 352, options [nop,nop,TS val 2513957704 ecr 1717525572],
length 0
12:56:17.649599 IP 10.76.8.92.80 > 10.180.32.6.19343: Flags [P.], seq 1:789,
ack 320, win 229, options [nop,nop,TS val 2513957704 ecr 829926189], length
788: HTTP: HTTP/1.1 200 OK

== Fast Configuration ===

server {
    listen              80;
    location ~ /api/ {
        rewrite               /api/(.*) /$1 break;
        proxy_pass            https://my.upstream-host.com;
    }
}

And tcpdump:
12:49:13.058495 IP 10.180.32.5.15708 > 10.76.5.82.80: Flags [P.], seq
4214721185:4214721506, ack 57908483, win 4136, options [nop,nop,TS val
829505219 ecr 2514027940], length 321: HTTP: GET /api/something_something
HTTP/1.1
12:49:13.058510 IP 10.76.5.82.80 > 10.180.32.5.15708: Flags [.], ack 321,
win 229, options [nop,nop,TS val 2514027965 ecr 829505219], length 0
12:49:13.058696 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [S], seq
722986122, win 28400, options [mss 1420,sackOK,TS val 2514027965 ecr
0,nop,wscale 7], length 0
12:49:13.064657 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [S.], seq
3299173152, ack 722986123, win 28960, options [mss 1460,sackOK,TS val
1717551633 ecr 2514027965,nop,wscale 5], length 0
12:49:13.064677 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [.], ack 1, win
222, options [nop,nop,TS val 2514027971 ecr 1717551633], length 0
12:49:13.064808 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [P.], seq 1:482,
ack 1, win 222, options [nop,nop,TS val 2514027971 ecr 1717551633], length
481
12:49:13.070245 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [.], ack 482,
win 939, options [nop,nop,TS val 1717551639 ecr 2514027971], length 0
12:49:13.070423 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [P.], seq 1:138,
ack 482, win 939, options [nop,nop,TS val 1717551639 ecr 2514027971], length
137
12:49:13.070432 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [.], ack 138,
win 231, options [nop,nop,TS val 2514027977 ecr 1717551639], length 0
12:49:13.070619 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [P.], seq
482:533, ack 138, win 231, options [nop,nop,TS val 2514027977 ecr
1717551639], length 51
12:49:13.070663 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [P.], seq
533:896, ack 138, win 231, options [nop,nop,TS val 2514027977 ecr
1717551639], length 363
12:49:13.076080 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [.], ack 896,
win 972, options [nop,nop,TS val 1717551644 ecr 2514027977], length 0
12:49:13.287759 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [P.], seq
138:942, ack 896, win 972, options [nop,nop,TS val 1717551856 ecr
2514027977], length 804
12:49:13.287832 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [P.], seq
942:973, ack 896, win 972, options [nop,nop,TS val 1717551856 ecr
2514027977], length 31
12:49:13.287843 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [.], ack 973,
win 243, options [nop,nop,TS val 2514028194 ecr 1717551856], length 0
12:49:13.287845 IP 23.66.26.5.443 > 10.76.5.82.32816: Flags [F.], seq 973,
ack 896, win 972, options [nop,nop,TS val 1717551856 ecr 2514027977], length
0
12:49:13.287972 IP 10.76.5.82.32816 > 23.66.26.5.443: Flags [F.], seq 896,
ack 974, win 243, options [nop,nop,TS val 2514028194 ecr 1717551856], length
0
12:49:13.288004 IP 10.76.5.82.80 > 10.180.32.5.15708: Flags [P.], seq 1:789,
ack 321, win 229, options [nop,nop,TS val 2514028194 ecr 829505219], length
788: HTTP: HTTP/1.1 200 OK

I know the upstreams in the two tcpdump examples here have different IP
addresses but the upstream is Akamai with a TTL on 19s so they are
constantly changing. But the the response time is absolutely consistent at
0.3s vs 1s.

What am I missing here? Is it because the upstream host is using HTTPS? I am
using version 1.11.10.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272679,272679#msg-272679

More information about the nginx mailing list