Kong performance test,Https response time is unstable.why?


#1

Additional Details & Logs
Kong version :0.14.1
Kong debug-level startup : kong start / error level
Kong configuration :
#4017

Help,Https response time is unstable, http is normal,WHY??


#2

Regular response time rises every 20 seconds, after which the response time drops to normal, repeate… why?


#3

I don’t feel there is any easy way to diagnose this without access to your hosts and watching the kong node + api service nodes directly. A few things to consider:

  1. Does backend support keepalive? If not, under load the concurrent bombardment of tls handshakes maybe overwhelming the server.

  2. Are you monitoring cpu/memory of kong + api nodes during the loadtest? Did eaither hit a ceiling and what was that ceiling?

3 Is it only every 20 seconds like clock work over and over again? I would say maybe it points to some sort of DNS resolution problem but Kong does cache dns results if properly configured and the fact its https and not http too throws me off this one…

There are lots of other things that could help you figure out root cause but I am not really a specialist here, just a community member throwing some guesses out :slight_smile: . But really good monitoring will help, also test your API directly over HTTPS and see if cutting Kong out of the equation still yields a slow call every 20 seconds.


#5

up…
Kong performance test,Https response time is unstable

config:

server_name kong;
listen 0.0.0.0:80;
listen 0.0.0.0:443 ssl;
error_page 400 404 408 411 412 413 414 417 494 /kong_error_handler;
error_page 500 502 503 504 /kong_error_handler;

access_log /opt/data/kong/logs/access.log main;
error_log /opt/data/kong/logs/error.log error;

client_body_buffer_size 128k;

ssl_certificate /usr/local/kong/ssl/kong-default.crt;
ssl_certificate_key /usr/local/kong/ssl/kong-default.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_buffer_size 8k;
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

ssl_session_cache builtin:40960 shared:SSL:100m;
ssl_session_timeout 10m;
ssl_session_tickets on;
ssl_session_ticket_key /usr/local/kong/session_ticket.key;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

ssl_certificate_by_lua_block {
    Kong.ssl_certificate()
}