Nginx Optimizing TLS over TCP to reduce latency: TLS dynamic record sizing

Discussion in 'Nginx and PHP-FPM news & discussions' started by rdan, Jun 10, 2016.

  1. Revenge

    Revenge Active Member

    You said this on the second post, so my doubt came from there ;)

     
  2. eva2000

    eva2000 Administrator Staff Member

    But edited that post to correct my assumption ;)
     
  3. Revenge

    Revenge Active Member

    Ok, I just made a test on my site. Before and after the patch. I'm using a non centminmod, with the default 16k ssl_buffer_size.

    Using webpagetest.org, with 9 tests, I did not see any difference before and after the patch regarding ttfb and page load.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Yeah, the Cloudflare blog article did say benefits will vary.
     
  5. Revenge

    Revenge Active Member

    OK, I changed the ssl buffer size to 1369 and tested the ttfb again. I'm getting results of 0,3 seconds, where it was 0,8s. That's less than half.
    With the patch, wasn't it supposed to start at 1369? The ttfb should be the same.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Think it depends on the total size of your assets and records. See the calculations I did at Nginx - Optimizing TLS over TCP to reduce latency: TLS dynamic record sizing | Centmin Mod Community

    So maybe for you, you have a lot more records being retransmitted above >220KB and thus hit the ssl_buffer_size fallback set size?
     
  7. Revenge

    Revenge Active Member

    Total size is 647 Kb but the biggest asset is 111 Kb.
     
  8. eva2000

    eva2000 Administrator Staff Member

    You'd probably have to dig into TCP traffic/Wireshark to compare both tests etc.
     
  9. eva2000

    eva2000 Administrator Staff Member

  10. eva2000

    eva2000 Administrator Staff Member

    Much older article, but it's the reason Nginx eventually had an ssl_buffer_size value in the first place: Optimizing TLS Record Size & Buffering Latency - igvita.com. Good background reading :)

    Guess we should be testing benefits over mobile speed connections and not cable and higher.
    This next section is why the ssl_buffer_size option came into being :) and why Centmin Mod Nginx defaulted to ssl_buffer_size = 1400 bytes (and now 1369 bytes default in 123.09beta01)
     
    Last edited: Jun 11, 2016
  11. buik

    buik “It always seems impossible until it’s done.” Premium Member

    Next stop for Cloudflare, making their Nginx HTTP/2 server push patch open source.
    Which they're obviously not going to do.
    Or about a year or so if it's already in Nginx.
     
  12. eva2000

    eva2000 Administrator Staff Member

    Yeah, would be great to get hold of Nginx HTTP/2 server push patches. Though from testing Cloudflare's HTTP/2 server push implementation so far it ain't working that well for a lot of folks. So don't mind them taking time to iron out the bugs first :D
     
  13. buik

    buik “It always seems impossible until it’s done.” Premium Member

    Hhmwha, for something like server push, it is always important to look at each case specifically.

    There are 100 thousands and more of different websites and, therefore, enough potential problems.
    So that it does not work for everyone seems logical to me.

    They can release the patch, however.
    eva2000 get everything to work. :)
     
  14. buik

    buik “It always seems impossible until it’s done.” Premium Member

  15. eva2000

    eva2000 Administrator Staff Member

    nice
    Module ngx_http_v2_module
     
  16. Matt

    Matt Moderator Staff Member

    Just added this as well on a site, and quite a dramatic result:

    upload_2018-2-24_3-9-14.png

    Red arrow was the test 30 minutes prior to adding this.
     
  17. eva2000

    eva2000 Administrator Staff Member

    Very nice .. always good to see real evidence of improvements and not just theory :D
     
  18. pamamolf

    pamamolf Premium Member

    Is this the TLS Patch that I have to add to the custom config so I can test it?
     
    Last edited: Feb 25, 2018
  19. eva2000

    eva2000 Administrator Staff Member

  20. eva2000

    eva2000 Administrator Staff Member

    Just re-quoting myself to bring to the forefront what this TLS Dynamic record sizing patch does

    and from Cloudflare blog Optimizing TLS over TCP to reduce latency