Re: [google-appengine] SSL for custom domain app engine performance issues

[Cayden Meyer]

Hi Will,

There are potentially many causes of end-to-end latency in a request. 

During my testing I see roughly equal performance between appspot.com and SSL on my custom domain. 

Are you able to exclude DNS as a source of the increased latency (retry a few times to ensure the host is in your systems cache)?

Is there a significant different in a straight TCP connection to each of different addresses (see python code below)? 

SSL in general can add additional latency on top of a non-SSL connection due to the initial multiple round trips associated with the SSL handshake. 

Thanks,

Cayden Meyer

Product Manager, Google App Engine

import socket
import time
def time_connect(*args, **kwargs):
  sock = socket.socket()
  start = time.time()
  sock.connect(*args, **kwargs)
  end = time.time()
  print end - start, 'seconds'

time_connect(('www.appspot.com', 80))

time_connect(('ghs.googlehosted.com', 80))

On 19 July 2012 05:02, Will (Phase Industries) <wi...@phaseindustries.com> wrote:

Hi,

Domain Name: www.phaseindustries.com CNAME to ghs.googlehosted.com.

Users Affected: all visiting the SNI endpoint

Problem Description: I am using SSL certificate on SNI - so my domain is being served from ::79 (.121) IP and not ::8d (.141) which I get when using my corresponding *.appspot.com domain - and I am getting a 300-400ms performance hit through this.  Since I am paying for the SSL endpoint, I wondered if this delay was expected?

Steps to Reproduce: Using Chrome, visit the site over the SNI address (.121) and use the network developer tool to measure latency from request to response.  Then visit on the *.appspot.com (.141) endpoint and notice that there is virtually no latency.

Any chance of getting an answer if this is a known issue, potentially something to do with the SSL cert lookup when accessing an apps domain through the ::79 (.121)?

Does not make any difference whether accessing over IPv6 or IPv4 but providing v6 since that's my primary access point.

Cheers

Will

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/iPuqYb9HPj4J.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

[Will (Phase Industries)]

Hi Cayden,

Thanks for your reply.  I've been using Chrome to test the latency - I hit the page several times using both URLs and here are the results.  These times are the delay between the request and the first response i.e. see attached image.

https://phaseindustries.appspot.com/ -> 2a00:1450:400b:c00::8d

57ms
57ms
56ms
66ms
58ms
57ms
AVG: 58.5ms

https://www.phaseindustries.com/ -> 2a00:1450:400b:c00::79

484ms
385ms
195ms
183ms
451ms
201ms
216ms
394ms
AVG: 313ms

I ran the test python you enclosed and the results showed TCP connections to both nodes were equal:

-->testtcp.py
0.0420000553131 seconds
0.039999961853 seconds

I hope that helps describe my problem in more detail - my guess is perhaps it's the SNI lookup happening on the :79 node?

Regards,

Will

On Thursday, July 19, 2012 5:34:08 AM UTC+1, Cayden Meyer wrote:

Hi Will,

There are potentially many causes of end-to-end latency in a request. 

During my testing I see roughly equal performance between appspot.com and SSL on my custom domain. 

Are you able to exclude DNS as a source of the increased latency (retry a few times to ensure the host is in your systems cache)?

Is there a significant different in a straight TCP connection to each of different addresses (see python code below)? 

SSL in general can add additional latency on top of a non-SSL connection due to the initial multiple round trips associated with the SSL handshake. 

Thanks,

Cayden Meyer

Product Manager, Google App Engine

import socket
import time
def time_connect(*args, **kwargs):
  sock = socket.socket()
  start = time.time()
  sock.connect(*args, **kwargs)
  end = time.time()
  print end - start, 'seconds'

time_connect(('www.appspot.com', 80))

time_connect(('ghs.googlehosted.com', 80))