Re: [tcpm] TCP Tuning for HTTP - update

Willy Tarreau <> Thu, 18 August 2016 05:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E2FDB12D0BA for <>; Wed, 17 Aug 2016 22:44:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.168
X-Spam-Status: No, score=-8.168 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0BhXHaCXpNeT for <>; Wed, 17 Aug 2016 22:44:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DAE4B12B015 for <>; Wed, 17 Aug 2016 22:44:43 -0700 (PDT)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1baG3w-0003KY-7u for; Thu, 18 Aug 2016 05:40:20 +0000
Resent-Date: Thu, 18 Aug 2016 05:40:20 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1baG3m-0003JV-QH for; Thu, 18 Aug 2016 05:40:10 +0000
Received: from ([] by with esmtp (Exim 4.80) (envelope-from <>) id 1baG3k-0008O0-S9 for; Thu, 18 Aug 2016 05:40:10 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id u7I5cbuM017303; Thu, 18 Aug 2016 07:38:37 +0200
Date: Thu, 18 Aug 2016 07:38:37 +0200
From: Willy Tarreau <>
To: Joe Touch <>
Cc: Matthew Kerwin <>, Mark Nottingham <>,, HTTP Working Group <>, Patrick McManus <>, Daniel Stenberg <>
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.6.0 (2016-04-01)
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-5.5
X-W3C-Hub-Spam-Report: AWL=-0.574, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1baG3k-0008O0-S9 5afa51f5c9b3dd31ab6d6e8c324cf5be
Subject: Re: [tcpm] TCP Tuning for HTTP - update
Archived-At: <>
X-Mailing-List: <> archive/latest/32307
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On Wed, Aug 17, 2016 at 05:21:21PM -0700, Joe Touch wrote:
> Popping up to the key point...
> On 8/17/2016 4:35 PM, Matthew Kerwin wrote:
> > Hi folks, I'm stepping in here on just a couple of points. I'll snip
> > the bits I can't or won't talk to.
> ...
> > Where we come from, how we find information to solve our problems, the
> > way we view the IETF and its RFCs are all different. If this argument
> > is just that this stuff doesn't belong in an RFC, that's a cultural
> > issue and not one I think we can resolve in this one technical working
> > group.
> IMO, RFCs deal with *protocols* and protocol deployment issues.
> Here that would mean for HTTP in specific
>     - turn Nagle off

All applications have been doing this for almost two decades.

>     - watch out for ACK compression effects (turn it off in favor of ABC
> if you can)

It does not happen that much with HTTP. Many connections on the server side
see only one, sometimes two requests, and most responses are small (about
20kB on average, with favicon fitting in a single segment). Note, I'm talking
about observations on average web sites.

>     - deal with slow-start restart (there are a variety of approaches here)

Due to the above this doesn't even happen most of the time, though with H/2
it will be more common.

> You also want to be generally efficient with TCP, which isn't related to
> HTTP but still good advice for all apps:
>     - be generally efficient and robust (use SACK, ECN, good window
> scaling, etc.)
>     - watch out for resource overloads (use SYN cookies/fast open,
> time-wait buildup, etc.)
> That advice is useful for all TCP for transactions, too.

Absolutely, it's just that HTTP tends to magnify those effects because you
can get a lot of traffic concentrated on one or a few machines, and there's
a huge pressure on the admins as they know that there are tens of thousands
of visitors witnessing their performance issues. Performance is constantly
monitored by customers as well, trying to shrink the last millisecond to rank
better on search engines, which further adds to the pressure.

> Here's what it definitely does not mean:
>     - setting socket buffer sizes (that's an OS-ism, and may be useful
> for app designers to know, but isn''t directly part of TCP or HTTP)
>     - running an efficient server for small connections (that's a pure
> implementation performance issue, and depends on OS support for things
> like threads, process/thread pools, etc.)
> I.e., OS-specific issues in running servers are not in scope IMO.

So what you have cited above are implementation details which are either
basic to any implementer or covered by the application itself. Admins
have already dealt with this in the default tuning and the application
has already done what is supposed to be done. Yet the admin is left with
a web site that is down under load, and they need to understand what
sysctls to change and what their effects can be on the short term (ie:
put the site back online) and the mid term (ie: limit the amount of
problems caused to random visitors). Lots of people for example enable
time-wait recycling because this is done by some people in benchmarks,
it's a single sysctl and they don't realize that they cause a lot of
issues even under moderate load.

> Keep in mind who reads RFCs - mostly protocol people. Managers take
> training courses to get certification, and that's where they learn their
> operational issues.

As Matthew said, admins tend to trust better the people who write the
protocols. Having an RFC authored by various protocol people will
definitely help make admins do the right thing.