<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.30.3">
</HEAD>
<BODY>
Oops, I have accidentally replied to sender, rather than to the group. Sorry :-(<BR>
Here goes again for the group...<BR>
<BR>
<BR>
Hello Chandru, <BR>
<BR>
thank you for taking the time to read my posts and respond!<BR>
<BR>
On Fri, 2011-05-06 at 21:30 +0100, Chandru wrote:<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
The behavior was somewhat better - the load test of about 2000<BR>
requests would work correctly for about 30 seconds, then all<BR>
subsequent requests would fail. When using erlang ssl, such load test<BR>
would fail immediately. <BR>
</BLOCKQUOTE>
<BR>
Which side do you think they failed? Server or client?<BR>
</BLOCKQUOTE>
<BR>
It's a very good question, since you use the word think :-)<BR>
I strongly suspect it is the server. There are couple of reasons, most significant one being that the client works perfectly in the configuration where stunnel is on the separate machine.<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
I have then moved stunnel proxy to a separate server, and then it<BR>
worked perfectly. <BR>
<BR>
Currently, I am suspecting that cpu load might be the problem. When I<BR>
had stunnel on the same machine as erlang server, cpu load was going<BR>
high. The same thing happened when I used erlang ssl. When stunnel is<BR>
on a separate machine, the cpu load on both machines is fairly low. <BR>
</BLOCKQUOTE>
<BR>
That is quite strange. What is the spec of the machine? This might be a peculiarity of the virtual instances you get on EC2. Is there any chance you can repeat this test on dedicated hardware? When running both on the same machine, have you monitored which process eats more CPU? beam or stunnel?<BR>
</BLOCKQUOTE>
<BR>
It is the "large" EC2 instance with two cores and 7.5 GB of memory. The same type of instance sustained 12 hours of http load testing with 20 000 clients and is running the production system serving about 700 http users on average (about 1000 at the peak) since January this year.<BR>
Unfortunately I don't have dedicated hardware available. On monday I will try to test it again using four cores instance on the server.<BR>
<BR>
As for your last question, I didn't do exact measuring, but from what I have noticed, the beam was doing some more work. Also, when they were on the separate machines, cpu load of the beam server was 2x higher than the stunnel one. Both combined were significantly smaller (about 10x) then the cpu load which occurred when they were on the same machine.<BR>
<BR>
The beam server code is very simple. Unfortunately I don't have it here right now, as I am posting this from my home, but I can post the code on Monday if necessary.<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
I remember a similar situation in the past trying to run load tests on EC2. It was hard to get a predictable set of results when load testing because the performance for the same test used to fluctuate.<BR>
</BLOCKQUOTE>
<BR>
Yes, I also suspect it is hard to get the exact results on the cloud, which is why I originally mentioned I am using it.<BR>
However, from the load tests I did couple of months ago, and from the current batch, I feel I can get approximation which is good enough. The tests seemed to work or fail consistently so far.<BR>
<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
I cannot explain why it works better with stunnel. Do I have to<BR>
manually configure ssl sessions when using erlang? As I mentioned<BR>
earlier, the client does long polling i.e. it sends an request, and as<BR>
soon as the request is responded, the new one is made. Is it possible<BR>
that ssl handhsake occurs for every request? <BR>
</BLOCKQUOTE>
<BR>
I doubt the handshake occurs for every request. It might have something to do with the fact that stunnel is written in C so is likely to benefit in terms of performance. You could try hipe compilation of the ssl application to see if that gives you any better performance.<BR>
</BLOCKQUOTE>
<BR>
Well it is the erlang client, and in fact, I'm using the ibrowse library and not httpc. There is no explicit ssl connection, but rather an infinite loop of https requests. At the client side, on what level is the SSL session being maintained: OS, erlang or the http(s) library?<BR>
<BR>
I will try to hipe compile it, thank you for the suggestion. Are there any instructions out there, which you could recommend, or should I google it myself?<BR>
<BR>
<BLOCKQUOTE TYPE=CITE>
<BR>
cheers<BR>
Chandru<BR>
<BR>
</BLOCKQUOTE>
<BR>
Thank you again for taking the time to help me.<BR>
<BR>
Best regards,<BR>
Sasa
</BODY>
</HTML>