Pls help: delay with Nagle's algorithm

Question

Hi all,&nbsp;&nbsp;We're running 9.3 on a pair of LTM 6400.  We've virtual servers for LDAPS (using LTM's SSL acceleration) and LDAP traffic.   &nbsp;&nbsp;&nbsp;A user complained one of their jobs that issues 100K LDAP queries runs ~10 times longer than expected.  After some studies, we found that performance resumes normal if:&nbsp;&nbsp;&nbsp;- we switch the user job to use LDAPS virtual server on the 6400 !&nbsp;- bypass LTM and talk to backend LDAP servers directly&nbsp;- turn off Nagle's algorithm in tcp profile used by the LDAP and LDAPS virtual servers.&nbsp;&nbsp;&nbsp;Performance of single LDAP query to LDAP virtual server is of order 0.1ms while that for LDAPS virtual server is of order 0.01ms.&nbsp;&nbsp;&nbsp;Although the issue is resolved by defining a customized tcp profile with Nagle's Algorithm disabled, I wonder why when Nagle's Algorithm is enabled, there is no impact on performance for SSL accelerated virtual server (I expect both LDAP/LDAPS experience the same delay).&nbsp;&nbsp;&nbsp;Would anyone please help?  Thanks a lot.  &nbsp;&nbsp;&nbsp;Rgds,&nbsp;/ST Wong&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hamish · Answer

I bad the same problem recently but in reverse. Ldap was fast, ldaps was about 8x slower. Setting the VS to use the tcp-lan-optimised with no nagles etc sped it up... The reason for that is probably to do with the size of the object returned. Nagels algorithm goes out of its way to make the tcp stream efficient in terms of packets. But that usually means introducing a small delay in sending the data thats been written to the socket hoping we can put more data into ghe next packet being sent. 
&nbsp;  
&nbsp; The difference between the ldap and ldaps timings is probably to do with the different sizes of data being sent for the sponses when encrypted or not. 
&nbsp;  
&nbsp; Normally nagels would be bypassed at the host by setting TCP_NODELAY on the socket... But i think the issue is that the full proxy nature of bigip re-enables that delay because it doesnt realise that nagels was disabled by the app in the first place...  
&nbsp;  
&nbsp; H

st_wong · Answer

Thanks.    Still investigating into the cause...    Btw, I wonder if there is any tool on bigip (like strace or systemtap on linux) for further debugging...   
&nbsp;  
&nbsp; /S

st_wong · Answer

Thanks.    Still investigating into the cause...    Btw, I wonder if there is any tool on bigip (like strace or systemtap on linux) for further debugging...   
&nbsp;  
&nbsp; /S

st_wong · Answer

Thanks.    Still investigating into the cause...    Btw, I wonder if there is any tool on bigip (like strace or systemtap on linux) for further debugging...   
&nbsp;  
&nbsp; /S

st_wong · Answer

Thanks.    Still investigating into the cause...    Btw, I wonder if there is any tool on bigip (like strace or systemtap on linux) for further debugging...   
&nbsp;  
&nbsp; /S

Forum Discussion

Pls help: delay with Nagle's algorithm

7 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

A New and Better Nagle Algorithm

Is TCP's Nagle Algorithm Right for Me?

Lightboard Lessons: Nagle's Algorithm

Investigating the LTM TCP Profile: Nagle’s Algorithm

Add ssh-rsa to 17.1.1 host key algorithm