Opened 7 years ago

Closed 6 years ago

#1466 closed enhancement (invalid)

nginx1.13.6 use IP_TRANSPARENT,Existing performance problems

Reported by: huifeidexingyuner@… Owned by:
Priority: critical Milestone:
Component: other Version: 1.13.x
Keywords: tproxy Cc:
uname -a:
nginx -V: 1.13.6

Description

1.nginx13.6 config:
server {

listen 10082;

proxy_bind $remote_addr transparent;

location / {

proxy_pass http://$http_host$request_uri;

}

}

2.linux kernel 2.6.35 and use the TPORXY module

3.send 10000 packets,Capture found lost send one syn or two syn to the server

4.In the end it is,nginx Performance is not good ? or kernel Performance is not good?

Change History (4)

comment:1 by Maxim Dounin, 7 years ago

Resolution: invalid
Status: newclosed

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

in reply to:  1 comment:2 by huifeidexingyuner@…, 7 years ago

Replying to mdounin:

From nginx point of view, transparent proxying is no different from normal one, it just uses setsockopt(IP_TRANSPARENT) and bind() to set requested address. If you see poor performance compared to normal proxying, likely the problem is either in kernel or in your network configuration. In particular, I would recommend to check if there are enough connection states.

Only a bridge link is done, and "netstat -an" see more than 6000 connection state exists.

Version 1, edited 7 years ago by huifeidexingyuner@… (previous) (next) (diff)

comment:3 by huifeidexingyuner@…, 6 years ago

Resolution: invalid
Status: closedreopened

comment:4 by Maxim Dounin, 6 years ago

Resolution: invalid
Status: reopenedclosed

As previously said, nginx behaviour with transparent proxying is no different from normal one. If you see poor performance, the problem is either in the kernel or, more likely, in your network configuration. Note that transparent proxying generally requires much different network configuration, and it requires deep understanding of the packet flow to configure. Either way, this does not look like something to be addressed on the nginx side.

Note: See TracTickets for help on using tickets.