Hi All, I'm having some trouble with https over LVS-NAT. In short: it works, but it is slow. Much slower than http.
My setup (only one real server for debugging purposes, this should also eliminate the persistence things with https): 192.168.1.222 - Director - 10.0.0.2 -----> 10.0.0.30 - real server ipvsadm -Ln output: TCP 192.168.1.222:80 rr -> 10.0.0.30:80 Masq 1 0 0 TCP 192.168.1.222:443 rr -> 10.0.0.30:443 Masq 1 0 0 No iptables or other 'strange' stuff. All servers are Unbuntu 10.04 fresh install. Some figures (trough the director): ab -c 5 -n 100 http://192.168.1.222/ldirector.html 0.08 seconds ab -c 5 -n 100 https://192.168.1.222/ldirector.html 6.5 seconds Directly to the real server (from an other machine in the 10.0.0.0/24 range): ab -c 5 -n 100 http://10.0.0.30/ldirector.html 0.015 seconds ab -c 5 -n 100 https://10.0.0.30/ldirector.html 0.6 seconds https is about 40 times slower than http when used directly, but about 80 times slower trough LVS. I expected a performance penalty for using LVS, but also expected this to be (roughly) the same for a different TCP protocols. The SSL certificate used is a self signed one, not al really valid one. But this certificate is invalid for both situations (direct and trough the director). Any ideas on what I'm missing here..? Thanks! Kind regards, Dirk _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
