beaudh / ngx_http_tls_dyn_size

This project forked from nginx-modules/ngx_http_tls_dyn_size

Optimizing TLS over TCP to reduce latency for NGINX

Home Page: https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/

ngx_http_tls_dyn_size's Introduction

Optimizing TLS over TCP to reduce latency for NGINX

What we do now

We use a static record size of 4K. This gives a good balance of latency and throughput.

Configuration

Example

http {
  ssl_dyn_rec_enable on;
}

Optimize latency

By initially sending small records (one TCP segment each), we avoid head-of-line (HoL) blocking of the first byte. This means TTFB is sometimes lower by a whole RTT.

Optimizing throughput

By sending increasingly larger records later in the connection, when HoL blocking is no longer a problem, we reduce the per-record TLS overhead (29 bytes per record with GCM/CHACHA-POLY).

Logic

Start each connection with small records (1369 byte default, change with ssl_dyn_rec_size_lo).

After a given number of records (40, change with ssl_dyn_rec_threshold) start sending larger records (4229, ssl_dyn_rec_size_hi).

Eventually after the same number of records, start sending the largest records (ssl_buffer_size).

In case the connection idles for a given amount of time (1s, ssl_dyn_rec_timeout), the process repeats itself (i.e. begin sending small records again).

Configuration directives

dyn_rec_enable

  • syntax: dyn_rec_enable bool
  • default: off
  • context: http

dyn_rec_timeout

  • syntax: dyn_rec_timeout number
  • default: 1000
  • context: http

We want the initial records to fit into one TCP segment so we don't get TCP HoL blocking due to TCP Slow Start.

A connection always starts with small records, but after a given number of records has been sent, we make the records larger to reduce header overhead.

After a connection has idled for a given timeout, begin the process from the start. The actual parameters are configurable. If dyn_rec_timeout is 0, we assume dyn_rec is off.

dyn_rec_size_lo

  • syntax: dyn_rec_size_lo number
  • default: 1369
  • context: http

The default dynamic record sizes are chosen so that the record plus maximal TLS and IPv6 overhead fits in a single TCP segment for lo and in 3 segments for hi: 1369 = 1500 - 40 (IPv6) - 20 (TCP) - 10 (TCP timestamp option) - 61 (max TLS overhead)

dyn_rec_size_hi

  • syntax: dyn_rec_size_hi number
  • default: 4229
  • context: http

4229 = (1500 - 40 - 20 - 10) * 3 - 61

dyn_rec_threshold

  • syntax: dyn_rec_threshold number
  • default: 40
  • context: http
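The staged record-size logic above (lo, hi, then ssl_buffer_size, with a reset after the idle timeout) and the segment-fit formulas behind the 1369/4229 defaults, as an added Python model; this is example code, not the module's C implementation, and the 16384-byte value standing in for ssl_buffer_size and the class and function names are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Overheads from the README's derivation (bytes): IPv6 header, TCP header,
# TCP timestamp option, and the maximum TLS record overhead.
MTU, IPV6_HDR, TCP_HDR, TCP_TS_OPT, TLS_MAX_OVERHEAD = 1500, 40, 20, 10, 61


def segment_payload(segments: int) -> int:
    """TLS plaintext that fits in `segments` full segments: 1 -> 1369, 3 -> 4229."""
    return (MTU - IPV6_HDR - TCP_HDR - TCP_TS_OPT) * segments - TLS_MAX_OVERHEAD


@dataclass
class DynRecSizer:
    """Simplified model of the dyn_rec state machine (not nginx's own code)."""
    size_lo: int = segment_payload(1)   # ssl_dyn_rec_size_lo default
    size_hi: int = segment_payload(3)   # ssl_dyn_rec_size_hi default
    size_max: int = 16384               # stands in for ssl_buffer_size (assumed value)
    threshold: int = 40                 # ssl_dyn_rec_threshold default
    timeout_ms: int = 1000              # ssl_dyn_rec_timeout default
    records_sent: int = 0
    last_write_ms: Optional[int] = None

    def next_record_size(self, now_ms: int, pending: int) -> int:
        """Size of the next TLS record when `pending` plaintext bytes are queued."""
        # Idle longer than the timeout: restart with small records.
        if self.last_write_ms is not None and now_ms - self.last_write_ms > self.timeout_ms:
            self.records_sent = 0
        self.last_write_ms = now_ms
        if self.records_sent < self.threshold:
            size = self.size_lo
        elif self.records_sent < 2 * self.threshold:
            size = self.size_hi
        else:
            size = self.size_max
        self.records_sent += 1
        return min(size, pending)


def split_into_records(sizer: DynRecSizer, total_bytes: int, now_ms: int) -> list:
    """Record sizes the sizer would emit for one burst of `total_bytes` at `now_ms`."""
    sizes, remaining = [], total_bytes
    while remaining > 0:
        size = sizer.next_record_size(now_ms, remaining)
        sizes.append(size)
        remaining -= size
    return sizes
```

For a 100 kB response the model emits 40 records of 1369 bytes, then 10 of 4229 and a final partial record; a write more than 1000 ms later starts again at 1369.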

License

ngx_http_tls_dyn_size's People

Contributors

denji, fmauneko, vkrasnov
