nginx1.13.6 use IP_TRANSPARENT,Existing performance problems

[huifeidexingyuner@…]

1.nginx13.6 config：
server {

listen 10082;

proxy_bind $remote_addr transparent;

location / {

proxy_pass ​http://$http_host$request_uri;

}

}

2.linux kernel 2.6.35 and use the TPORXY module

3.send 10000 packets,Capture found lost send one syn or two syn to the server

4.In the end it is，nginx Performance is not good ? or kernel Performance is not good?

[Maxim Dounin]

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

[huifeidexingyuner@…]

Replying to mdounin:

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

Only a bridge link is done, and "netstat -an" see more than 6000 connection state exists.

[Maxim Dounin]

As previously said, nginx behaviour with transparent proxying is no different from normal one. If you see poor performance, the problem is either in the kernel or, more likely, in your network configuration. Note that transparent proxying generally requires much different network configuration, and it requires deep understanding of the packet flow to configure. Either way, this does not look like something to be addressed on the nginx side.