Last Comment Bug 533809 - Increase the ssl!cache!size on Zeus
: Increase the ssl!cache!size on Zeus
12/10/2009 @ 9pm
Product: Graveyard
Classification: Graveyard
Component: Server Operations (show other bugs)
: other
: All Other
: -- normal (vote)
: ---
Assigned To: Jeremy Orem [:oremj]
: matthew zeier [:mrz]
Depends on:
  Show dependency treegraph
Reported: 2009-12-09 13:10 PST by Wil Clouser [:clouserw]
Modified: 2015-03-12 08:17 PDT (History)
4 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---

SSL Session ID hit rate (18.45 KB, image/png)
2009-12-10 21:26 PST, matthew zeier [:mrz]
no flags Details
Hits & Miss pre change (52.39 KB, image/png)
2009-12-10 22:56 PST, matthew zeier [:mrz]
no flags Details
Hits & Misses post settings change. (25.61 KB, image/png)
2009-12-11 14:12 PST, Jeremy Orem [:oremj]
no flags Details

Description Wil Clouser [:clouserw] 2009-12-09 13:10:04 PST
We talked a bit in the meeting about this.  It looks like we hold our SSL sessions open for 30 minutes but we have a maximum of 6000 sessions across all the AMO domains.  I think we run through that in seconds so it's not really getting any caching at all.

We should investigate increasing the ssl!cache!size flag on zeus and see if our performance improves.  As a baseline measurement, the purple on this graph is all SSL handshaking time:
Comment 1 matthew zeier [:mrz] 2009-12-09 19:40:16 PST
Will test by bumping up to 1m.  Should eat about 700MB of mem (so next to nothing).
Comment 2 matthew zeier [:mrz] 2009-12-10 21:26:40 PST
Created attachment 417037 [details]
SSL Session ID hit rate

Point of reference, current SSL session cache hit rate is about 85%
Comment 3 matthew zeier [:mrz] 2009-12-10 22:56:35 PST
Created attachment 417046 [details]
Hits & Miss pre change
Comment 4 matthew zeier [:mrz] 2009-12-10 22:58:51 PST
Changes made and ZXTM restarted right now.
Comment 5 Jeremy Orem [:oremj] 2009-12-11 14:12:19 PST
Created attachment 417164 [details]
Hits & Misses post settings change.
Comment 6 Jeremy Orem [:oremj] 2009-12-11 14:12:57 PST
Looks about the same, but the size is now set @ 1,000,000. I think versioncheck is probably throwing off the graphs since almost no one will  be reusing their SSL session.
Comment 7 Ryan Doherty (:rdoherty) 2009-12-11 14:58:53 PST
New test:

Looks like the multiple ssl negotiation wasn't due to session expiration. IE opens 6 connections/host, I think it may have to create a new ssl session for each connection.

Note You need to log in before you can comment on or make changes to this bug.