1. Home
  2. pfSense® Software
  3. Virtualization
  4. HTTPS on Hyper-V an order of magnitude faster than HTTP?

HTTPS on Hyper-V an order of magnitude faster than HTTP?

  • L

    I feel this may be the incorrect thread for this as I don't really have strong evidence this is related to Hyper-V but.. I'm seeing oddly differential performance on http vs https (https is faster by an order of magnitude to the same host?)  I'm clearly missing something obvious but apparently I'm too blind to see it :)

    
root@downquark ~/windowsize # ./test;tar cJf windowsize.tar.xz *;
Running https - https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
--2014-11-15 00:05:20--  https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
Connecting to 198.145.20.143:443... connected.
    WARNING: certificate common name ‘mirrors.kernel.org’ doesn't match requested host name ‘198.145.20.143’.
HTTP request sent, awaiting response... 200 OK
Length: 605028352 (577M) [application/octet-stream]
Saving to: ‘/dev/null’

 8% [========>                                                                                                            ] 51,623,448  10.4MB/s  eta 51s    53418 packets captured
53418 packets received by filter
0 packets dropped by kernel
Running http - http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
--2014-11-15 00:05:28--  http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
Connecting to 198.145.20.143:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 605028352 (577M) [application/octet-stream]
Saving to: ‘/dev/null’

 1% [>                                                                                                                    ] 7,863,336   1.52MB/s  eta 5m 53s 9095 packets captured
9095 packets received by filter
0 packets dropped by kernel
https.txt:     max win adv:          473856 bytes     max win adv:           17792 bytes
https.txt:     min win adv:           29312 bytes     min win adv:           15616 bytes
https.txt:     zero win adv:              0 times     zero win adv:              0 times
https.txt:     avg win adv:          463863 bytes     avg win adv:           17791 bytes
https.txt:     throughput:              117 Bps       throughput:         10584379 Bps
http.txt:     max win adv:         1085056 bytes     max win adv:           15616 bytes
http.txt:     min win adv:           29312 bytes     min win adv:           15616 bytes
http.txt:     zero win adv:              0 times     zero win adv:              0 times
http.txt:     avg win adv:          484018 bytes     avg win adv:           15616 bytes
http.txt:     throughput:               31 Bps       throughput:          1616185 Bps

    test looks like:

    
#!/bin/zsh
typeset -A urls
urls=("https" "https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso" "http" "http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso")
host="198.145.20.143"
for n in "${(@k)urls}"; do
    echo "Running $n - $urls[$n]";
    tcpdump -i br0 -B 8192 host "$host" -w "$n.pcap" &
    sleep 2
    wget --no-check-certificate "$urls[$n]" -O /dev/null &
    sleep 5
    kill %3;sleep 1;kill %2
    tcptrace -l -r -W "$n.pcap" > "$n.txt"
done
egrep "(win adv|throughput)" *.txt

    The pcaps/etc are @ https://mrow.org/files/windowsize.tar.xz

    tcptrace output is @ https://mrow.org/files/http.txt and https://mrow.org/files/https.txt

    Edit:
    Also just tried on the router itself – same issue:

    
[2.2-BETA][root@lburton-router2.sea.mrow.org]/root/tester: cat ./test ; ./test ; tar cJf windowsize-router.tar.xz *
#!/usr/local/bin/zsh
typeset -A urls
urls=("https-router" "https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso" "http-router" "http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso")
host="198.145.20.143"
for n in "${(@k)urls}"; do
    echo "Running $n - $urls[$n]";
    tcpdump -i hn1 -B 8192 -w "$n.pcap" host "$host" &
    sleep 2
    wget --no-check-certificate "$urls[$n]" -O /dev/null &
    sleep 5
    kill %3;sleep 1;kill %2
    tcptrace -l -r -W "$n.pcap" > "$n.txt"
done
egrep "(win adv|throughput)" *.txt
Running http-router - http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
tcpdump: listening on hn1, link-type EN10MB (Ethernet), capture size 65535 bytes
converted 'http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (US-ASCII) -> 'http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (UTF-8)
--2014-11-15 01:40:38--  http://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
Connecting to 198.145.20.143:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 605028352 (577M) [application/octet-stream]
Saving to: '/dev/null'

/dev/null                                 2%[>                                                                              ]  12.19M  2.43MB/s   eta 3m 53s17872 packets captured
19263 packets received by filter
0 packets dropped by kernel
Running https-router - https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
tcpdump: listening on hn1, link-type EN10MB (Ethernet), capture size 65535 bytes
converted 'https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (US-ASCII) -> 'https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso' (UTF-8)
--2014-11-15 01:40:46--  https://198.145.20.143/archlinux/iso/latest/archlinux-2014.11.01-dual.iso
Connecting to 198.145.20.143:443... connected.
WARNING: cannot verify 198.145.20.143's certificate, issued by '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA':
  Unable to locally verify the issuer's authority.
    WARNING: certificate common name 'mirrors.kernel.org' doesn't match requested host name '198.145.20.143'.
HTTP request sent, awaiting response... 200 OK
Length: 605028352 (577M) [application/octet-stream]
Saving to: '/dev/null'

/dev/null                                21%[===============>                                                               ] 123.68M  25.0MB/s   eta 18s   26271 packets captured
187467 packets received by filter
158959 packets dropped by kernel
http-router.txt:     max win adv:          394240 bytes     max win adv:           15616 bytes
http-router.txt:     min win adv:            6144 bytes     min win adv:           15616 bytes
http-router.txt:     zero win adv:              0 times     zero win adv:              0 times
http-router.txt:     avg win adv:          342327 bytes     avg win adv:           15616 bytes
http-router.txt:     throughput:               30 Bps       throughput:          2357229 Bps
https-router.txt:     max win adv:             122 bytes     max win adv:               0 bytes
https-router.txt:     min win adv:             122 bytes     min win adv:               0 bytes
https-router.txt:     zero win adv:              0 times     zero win adv:              0 times
https-router.txt:     avg win adv:             122 bytes     avg win adv:               0 bytes
https-router.txt:     throughput:               NA           throughput:               NA
https-router.txt:     max win adv:          476160 bytes     max win adv:           17792 bytes
https-router.txt:     min win adv:           43520 bytes     min win adv:           15616 bytes
https-router.txt:     zero win adv:              0 times     zero win adv:              0 times
https-router.txt:     avg win adv:          407804 bytes     avg win adv:           17791 bytes
https-router.txt:     throughput:              123 Bps       throughput:          3996093 Bps

    The pcaps/etc are @ https://mrow.org/files/windowsize-router.tar.xz

    tcptrace output is @ https://mrow.org/files/http-router.txt and https://mrow.org/files/https-router.txt

    0
  • L

    This was actually due to a Netgear GS108Ev3 which has a firmware bug or similar causing bad QoS behavior – took me a pair of Ethernet couplers and some time to track down.  I am not the only one http://forum1.netgear.com/showthread.php?t=93251

    0
  • C

    Thanks for the follow up.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy