FAQ
Hi
     i wrote a tls program which acts like a https reverse proxy, receiving
  https requests and transfer them to http backend.
     but it's performance is so bad, benchmark is as follows:

Transactions: 95 hits
Availability: 100.00 %
Elapsed time: 9.09 secs
Data transferred: 0.06 MB
Response time: 6.60 secs
Transaction rate: 10.45 trans/sec

     i configured nginx as a reverse proxy, and the benchmark is:

Transaction rate: 340.48 trans/sec


     both test ares under the same environment, length of public rsa key is
2048 bits, so the ssl handshake is very cpu intensive. but i can't believe
go's performance is so bad. what's the problem?

the code is as follows:

package main

import (

         "flag"

         "net/http"

         "net/http/httputil"

         "net/url"

         "time"

         "log"

)

func main() {

         var src, dst string

         flag.Parse()

         args := flag.Args()

         if len(args) >= 1 {

                 dst = args[0]

         } else {

                 dst = "127.0.0.1:8080"

         }

         if len(args) == 2 {

                 src = args[1]

         } else {

                 src = ":80"

         }

         u, e := url.Parse(dst)

         if e != nil {

                 log.Fatal("Bad destination.")

         }

         h := httputil.NewSingleHostReverseProxy(u)

         s := &http.Server{

                 Addr: src,

                 Handler: h,

                 ReadTimeout: 10 * time.Second,

                 WriteTimeout: 10 * time.Second,

                 MaxHeaderBytes: 1 << 20,

         }

         log.Fatal(s.ListenAndServeTLS("/home/work/nginx/conf/server.crt",
"/home/work/nginx/conf/server.key.unsecure"))
}

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • James Wendel at Mar 27, 2014 at 5:08 am
    Not sure it matters, but were both using the same cipher suite and SSL version when connecting?

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Cheng Luo at Mar 27, 2014 at 5:58 am
    YES ,same key and cipher suite as follows:

    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-SHA

    在 2014年3月27日星期四UTC+8下午1时08分11秒,James Wendel写道:
    Not sure it matters, but were both using the same cipher suite and SSL
    version when connecting?
    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • James Wendel at Mar 27, 2014 at 5:09 pm
    Unless someone else has a suggestion

    1) Rerun your test without TLS to see how Go compares to Nginx without TLS
    in the picture.
    2) Try using profiling (pprof) on your app to see where it's spending most
    of its time.

    Another thing.. how many child processes do you have Nginx running? That
    would allow Nginx to scale across multiple Cores. For Go, try
    setting GOMAXPROCS to use more CPUs.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Shane Hansen at Mar 27, 2014 at 6:47 pm
    Without code I can only shoot in the dark, which is my favorite kind of
    shooting.
    I'd pull up wireshark and look for things like session resumption, also 10
    ssl terminations per second
    even on a single core seems really wrong.

    On Thu, Mar 27, 2014 at 11:09 AM, James Wendel wrote:

    Unless someone else has a suggestion

    1) Rerun your test without TLS to see how Go compares to Nginx without TLS
    in the picture.
    2) Try using profiling (pprof) on your app to see where it's spending most
    of its time.

    Another thing.. how many child processes do you have Nginx running? That
    would allow Nginx to scale across multiple Cores. For Go, try
    setting GOMAXPROCS to use more CPUs.

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Kyle Lemons at Mar 28, 2014 at 2:05 am
    both 10tx/s and 350tx/s seem awfully low, but my wild, wild guess would be
    that it's because Go's crypto library doesn't support TLS renegotiation.

    On Wed, Mar 26, 2014 at 7:56 PM, wrote:

    Hi
    i wrote a tls program which acts like a https reverse proxy, receiving
    https requests and transfer them to http backend.
    but it's performance is so bad, benchmark is as follows:

    Transactions: 95 hits
    Availability: 100.00 %
    Elapsed time: 9.09 secs
    Data transferred: 0.06 MB
    Response time: 6.60 secs
    Transaction rate: 10.45 trans/sec

    i configured nginx as a reverse proxy, and the benchmark is:

    Transaction rate: 340.48 trans/sec


    both test ares under the same environment, length of public rsa key is
    2048 bits, so the ssl handshake is very cpu intensive. but i can't believe
    go's performance is so bad. what's the problem?

    the code is as follows:

    package main

    import (

    "flag"

    "net/http"

    "net/http/httputil"

    "net/url"

    "time"

    "log"

    )

    func main() {

    var src, dst string

    flag.Parse()

    args := flag.Args()

    if len(args) >= 1 {

    dst = args[0]

    } else {

    dst = "127.0.0.1:8080"

    }

    if len(args) == 2 {

    src = args[1]

    } else {

    src = ":80"

    }

    u, e := url.Parse(dst)

    if e != nil {

    log.Fatal("Bad destination.")

    }

    h := httputil.NewSingleHostReverseProxy(u)

    s := &http.Server{

    Addr: src,

    Handler: h,

    ReadTimeout: 10 * time.Second,

    WriteTimeout: 10 * time.Second,

    MaxHeaderBytes: 1 << 20,

    }

    log.Fatal(s.ListenAndServeTLS("/home/work/nginx/conf/server.crt",
    "/home/work/nginx/conf/server.key.unsecure"))
    }

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedMar 27, '14 at 3:46a
activeMar 28, '14 at 2:05a
posts6
users4
websitegolang.org

People

Translate

site design / logo © 2022 Grokbase