533809 - Increase the ssl!cache!size on Zeus

Status: RESOLVED FIXED

(mozilla.org Graveyard :: Server Operations, task)

Description

[Wil Clouser [:clouserw]]

We talked a bit in the meeting about this.  It looks like we hold our SSL sessions open for 30 minutes but we have a maximum of 6000 sessions across all the AMO domains.  I think we run through that in seconds so it's not really getting any caching at all.

We should investigate increasing the ssl!cache!size flag on zeus and see if our performance improves.  As a baseline measurement, the purple on this graph is all SSL handshaking time:

http://www.webpagetest.org/result/091209_3GK5/1/details/

Comment 1

[matthew zeier [:mrz]]

Will test by bumping up to 1m.  Should eat about 700MB of mem (so next to nothing).

Comment 2

[matthew zeier [:mrz]]

Attachment: SSL Session ID hit rate

Point of reference, current SSL session cache hit rate is about 85%

Comment 3

[matthew zeier [:mrz]]

Attachment: Hits & Miss pre change

Comment 4

[matthew zeier [:mrz]]

Changes made and ZXTM restarted right now.

Comment 5

[Jeremy Orem [:oremj]]

Attachment: Hits & Misses post settings change.

Comment 6

[Jeremy Orem [:oremj]]

Looks about the same, but the size is now set @ 1,000,000. I think versioncheck is probably throwing off the graphs since almost no one will  be reusing their SSL session.

Comment 7

[Ryan Doherty (:rdoherty)]

New test:
http://www.webpagetest.org/result/091211_3JDB/1/details/

Looks like the multiple ssl negotiation wasn't due to session expiration. IE opens 6 connections/host, I think it may have to create a new ssl session for each connection.