The default bug view has changed. See this FAQ.

Increase the ssl!cache!size on Zeus

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
RESOLVED FIXED
7 years ago
2 years ago

People

(Reporter: clouserw, Assigned: oremj)

Tracking

Details

(Whiteboard: 12/10/2009 @ 9pm)

Attachments

(3 attachments)

(Reporter)

Description

7 years ago
We talked a bit in the meeting about this.  It looks like we hold our SSL sessions open for 30 minutes but we have a maximum of 6000 sessions across all the AMO domains.  I think we run through that in seconds so it's not really getting any caching at all.

We should investigate increasing the ssl!cache!size flag on zeus and see if our performance improves.  As a baseline measurement, the purple on this graph is all SSL handshaking time:

http://www.webpagetest.org/result/091209_3GK5/1/details/

Updated

7 years ago
Assignee: server-ops → mrz
Flags: needs-downtime+
Whiteboard: 12/10/2009 @ 9pm

Comment 1

7 years ago
Will test by bumping up to 1m.  Should eat about 700MB of mem (so next to nothing).

Comment 2

7 years ago
Created attachment 417037 [details]
SSL Session ID hit rate

Point of reference, current SSL session cache hit rate is about 85%

Comment 3

7 years ago
Created attachment 417046 [details]
Hits & Miss pre change

Comment 4

7 years ago
Changes made and ZXTM restarted right now.

Updated

7 years ago
Assignee: mrz → jeremy.orem+bugs

Updated

7 years ago
Flags: needs-downtime+
(Assignee)

Comment 5

7 years ago
Created attachment 417164 [details]
Hits & Misses post settings change.
(Assignee)

Comment 6

7 years ago
Looks about the same, but the size is now set @ 1,000,000. I think versioncheck is probably throwing off the graphs since almost no one will  be reusing their SSL session.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
New test:
http://www.webpagetest.org/result/091211_3JDB/1/details/

Looks like the multiple ssl negotiation wasn't due to session expiration. IE opens 6 connections/host, I think it may have to create a new ssl session for each connection.
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.