Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#1466 closed enhancement (invalid)

nginx1.13.6 use IP_TRANSPARENT,Existing performance problems

Reported by: huifeidexingyuner@… Owned by:
Priority: critical Milestone:
Component: other Version: 1.13.x
Keywords: tproxy Cc:
uname -a:
nginx -V: 1.13.6

Description

1.nginx13.6 config:
server {

listen 10082;

proxy_bind $remote_addr transparent;

location / {

proxy_pass http://$http_host$request_uri;

}

}

2.linux kernel 2.6.35 and use the TPORXY module

3.send 10000 packets,Capture found lost send one syn or two syn to the server

4.In the end it is,nginx Performance is not good ? or kernel Performance is not good?

Change History (2)

comment:1 follow-up: Changed 5 months ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

comment:2 in reply to: ↑ 1 Changed 5 months ago by huifeidexingyuner@…

Replying to mdounin:

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

(1)Only a bridge link is done, and "netstat -an" see more than 6000 connection state exists.Is it not in this mode of IP_TRANSPARENT?
(2)The same network environment and not set IP_TRANSPARENT, do not lose one syn packet, performace is good

Last edited 5 months ago by huifeidexingyuner@… (previous) (diff)
Note: See TracTickets for help on using tickets.