HTTPS on Hyper-V an order of magnitude faster than HTTP?



  • I feel this may be the incorrect thread for this as I don't really have strong evidence this is related to Hyper-V but.. I'm seeing oddly differential performance on http vs https (https is faster by an order of magnitude to the same host?)  I'm clearly missing something obvious but apparently I'm too blind to see it :)

    
    root@downquark ~/windowsize # ./test;tar cJf windowsize.tar.xz *;
    Running https - https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
    --2014-11-15 00:05:20--  https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    Connecting to 198.145.20.143:443... connected.
        WARNING: certificate common name ‘mirrors.kernel.org’ doesn't match requested host name ‘198.145.20.143’.
    HTTP request sent, awaiting response... 200 OK
    Length: 605028352 (577M) [application/octet-stream]
    Saving to: ‘/dev/null’
    
     8% [========>                                                                                                            ] 51,623,448  10.4MB/s  eta 51s    53418 packets captured
    53418 packets received by filter
    0 packets dropped by kernel
    Running http - http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
    --2014-11-15 00:05:28--  http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    Connecting to 198.145.20.143:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 605028352 (577M) [application/octet-stream]
    Saving to: ‘/dev/null’
    
     1% [>                                                                                                                    ] 7,863,336   1.52MB/s  eta 5m 53s 9095 packets captured
    9095 packets received by filter
    0 packets dropped by kernel
    https.txt:     max win adv:          473856 bytes     max win adv:           17792 bytes
    https.txt:     min win adv:           29312 bytes     min win adv:           15616 bytes
    https.txt:     zero win adv:              0 times     zero win adv:              0 times
    https.txt:     avg win adv:          463863 bytes     avg win adv:           17791 bytes
    https.txt:     throughput:              117 Bps       throughput:         10584379 Bps
    http.txt:     max win adv:         1085056 bytes     max win adv:           15616 bytes
    http.txt:     min win adv:           29312 bytes     min win adv:           15616 bytes
    http.txt:     zero win adv:              0 times     zero win adv:              0 times
    http.txt:     avg win adv:          484018 bytes     avg win adv:           15616 bytes
    http.txt:     throughput:               31 Bps       throughput:          1616185 Bps
    
    

    test looks like:

    
    #!/bin/zsh
    typeset -A urls
    urls=("https" "https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso" "http" "http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso")
    host="198.145.20.143"
    for n in "${(@k)urls}"; do
        echo "Running $n - $urls[$n]";
        tcpdump -i br0 -B 8192 host "$host" -w "$n.pcap" &
        sleep 2
        wget --no-check-certificate "$urls[$n]" -O /dev/null &
        sleep 5
        kill %3;sleep 1;kill %2
        tcptrace -l -r -W "$n.pcap" > "$n.txt"
    done
    egrep "(win adv|throughput)" *.txt
    
    

    The pcaps/etc are @ https://mrow.org/files/windowsize.tar.xz

    tcptrace output is @ https://mrow.org/files/http.txt and https://mrow.org/files/https.txt

    Edit:
    Also just tried on the router itself – same issue:

    
    [2.2-BETA][root@lburton-router2.sea.mrow.org]/root/tester: cat ./test ; ./test ; tar cJf windowsize-router.tar.xz *
    #!/usr/local/bin/zsh
    typeset -A urls
    urls=("https-router" "https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso" "http-router" "http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso")
    host="198.145.20.143"
    for n in "${(@k)urls}"; do
        echo "Running $n - $urls[$n]";
        tcpdump -i hn1 -B 8192 -w "$n.pcap" host "$host" &
        sleep 2
        wget --no-check-certificate "$urls[$n]" -O /dev/null &
        sleep 5
        kill %3;sleep 1;kill %2
        tcptrace -l -r -W "$n.pcap" > "$n.txt"
    done
    egrep "(win adv|throughput)" *.txt
    Running http-router - http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    tcpdump: listening on hn1, link-type EN10MB (Ethernet), capture size 65535 bytes
    converted 'http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (US-ASCII) -> 'http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (UTF-8)
    --2014-11-15 01:40:38--  http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    Connecting to 198.145.20.143:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 605028352 (577M) [application/octet-stream]
    Saving to: '/dev/null'
    
    /dev/null                                 2%[>                                                                              ]  12.19M  2.43MB/s   eta 3m 53s17872 packets captured
    19263 packets received by filter
    0 packets dropped by kernel
    Running https-router - https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    tcpdump: listening on hn1, link-type EN10MB (Ethernet), capture size 65535 bytes
    converted 'https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (US-ASCII) -> 'https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (UTF-8)
    --2014-11-15 01:40:46--  https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
    Connecting to 198.145.20.143:443... connected.
    WARNING: cannot verify 198.145.20.143's certificate, issued by '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA':
      Unable to locally verify the issuer's authority.
        WARNING: certificate common name 'mirrors.kernel.org' doesn't match requested host name '198.145.20.143'.
    HTTP request sent, awaiting response... 200 OK
    Length: 605028352 (577M) [application/octet-stream]
    Saving to: '/dev/null'
    
    /dev/null                                21%[===============>                                                               ] 123.68M  25.0MB/s   eta 18s   26271 packets captured
    187467 packets received by filter
    158959 packets dropped by kernel
    http-router.txt:     max win adv:          394240 bytes     max win adv:           15616 bytes
    http-router.txt:     min win adv:            6144 bytes     min win adv:           15616 bytes
    http-router.txt:     zero win adv:              0 times     zero win adv:              0 times
    http-router.txt:     avg win adv:          342327 bytes     avg win adv:           15616 bytes
    http-router.txt:     throughput:               30 Bps       throughput:          2357229 Bps
    https-router.txt:     max win adv:             122 bytes     max win adv:               0 bytes
    https-router.txt:     min win adv:             122 bytes     min win adv:               0 bytes
    https-router.txt:     zero win adv:              0 times     zero win adv:              0 times
    https-router.txt:     avg win adv:             122 bytes     avg win adv:               0 bytes
    https-router.txt:     throughput:               NA           throughput:               NA
    https-router.txt:     max win adv:          476160 bytes     max win adv:           17792 bytes
    https-router.txt:     min win adv:           43520 bytes     min win adv:           15616 bytes
    https-router.txt:     zero win adv:              0 times     zero win adv:              0 times
    https-router.txt:     avg win adv:          407804 bytes     avg win adv:           17791 bytes
    https-router.txt:     throughput:              123 Bps       throughput:          3996093 Bps
    
    

    The pcaps/etc are @ https://mrow.org/files/windowsize-router.tar.xz

    tcptrace output is @ https://mrow.org/files/http-router.txt and https://mrow.org/files/https-router.txt



  • This was actually due to a Netgear GS108Ev3 which has a firmware bug or similar causing bad QoS behavior – took me a pair of Ethernet couplers and some time to track down.  I am not the only one http://forum1.netgear.com/showthread.php?t=93251



  • Thanks for the follow up.


Log in to reply