Get the most out of your Centmin Mod LEMP stack
Become a Member

Nginx Optimizing TLS over TCP to reduce latency: TLS dynamic record sizing

Discussion in 'Nginx and PHP-FPM news & discussions' started by rdan, Jun 10, 2016.

  1. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    6:14 PM
    1.9.x
    10.1.x
    You said this on the second post, so my doubt came from there ;)


     
  2. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    But edited that post to correct my assumption ;)
     
  3. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    6:14 PM
    1.9.x
    10.1.x
    Ok, i just made a test on my site. Before and after the patch. Im using a non centminmod, with the default 16k ssl_buffer_size.

    Using webpagetest.org, with 9 tests, i did not see any diference before and after the patch regard ttfb and load page.
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah cloudflare blog article did say benefits will vary
     
  5. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    6:14 PM
    1.9.x
    10.1.x
    OK, i changed the ssl buffer size to 1369 and tested the ttfb again. Im getting results of 0,3 seconds, where it was 0,8s. Thats less than half.
    With the patch, it wasn't supposed to start at 1369? The ttfb should be the same.
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    think it depends on the total size of your assets and records see calculations i did at Nginx - Optimizing TLS over TCP to reduce latency: TLS dynamic record sizing | Centmin Mod Community

    so maybe for you you have alot more records being retransmitted above >220KB and thus hit the ssl_buffer_size fallback set size?
     
  7. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    6:14 PM
    1.9.x
    10.1.x
    Total size is 647 Kb but the biggest asset is 111 Kb.
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you'd probably have to dig into TCP traffic/wireshark to compare both tests etc
     
  9. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  10. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Much older article but it's the reason Nginx eventually had an ssl_buffer_size value in the first place Optimizing TLS Record Size & Buffering Latency - igvita.com Good background reading :)

    guess we should be testing benefits over mobile speed connections and not cable and higher
    this next section is why ssl_buffer_size option came into being :) and why Centmin Mod Nginx defaulted to ssl_buffer_size = 1400 bytes (and now 1369 bytes default in 123.09beta01)
     
    Last edited: Jun 11, 2016
  11. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    7:14 PM
    Next stop for Cloudflare, making there Nginx Http/2 server push patch open source.
    Which they obviously not going to do.
    Or about a year or so if it's already in Nginx.
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah would be great to get hold of Nginx HTTP/2 server push patches. Though from testing Cloudflare's HTTP/2 server push implementation so far it ain't working that well for alot of folks. So don't mind them taking time to iron out the bugs first :D
     
  13. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    7:14 PM
    Hhmwha for something as server push, it is always important to look at each case specific.

    There are 100 thousands and more of different websites and, therefore, enough potential problems.
    So that it does not work for everyone seems logical to me.

    They can release the patch, however.
    eva2000 get everything to work. :)
     
  14. buik

    buik “The best traveler is one without a camera.”

    2,001
    519
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,651
    Local Time:
    7:14 PM
  15. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice
    Module ngx_http_v2_module
     
  16. Matt

    Matt Well-Known Member

    925
    414
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +669
    Local Time:
    6:14 PM
    1.5.15
    MariaDB 10.2
    Just added this as well one a site, and quite a dramatic result:

    upload_2018-2-24_3-9-14.png

    Red arrow was the test 30 minutes prior to adding this.
     
  17. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Very nice .. always good to see real evidence of improvements and not just theory :D
     
  18. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    8:14 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Is this the TLS Patch that i have to add to the custom config so i can test it?
     
    Last edited: Feb 25, 2018
  19. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  20. eva2000

    eva2000 Administrator Staff Member

    53,487
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,671
    Local Time:
    3:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Just re-quoting myself to bring to forefont what this TLS Dynamic record sizing patch does

    and from Cloudflare blog Optimizing TLS over TCP to reduce latency