Starr Duskk
asked on
Firewall Speed Issue
We host our site at Rackspace. We have our live server that is not behind a firewall. We recently set up a server to be used for load balancing which is behind a firewall.
When we tested it with exactly the same copy of the source code and database with no load balancers spun up, it runs at half the speed, meaning it is noticeably slower.
The new server is: Windows Server 2012 R2 - 8GB General Purpose v1. Both are HTTPS.
Live server not behind firewall: 1.8s
New Server behind firewall and load balancer (but no duplicates spun up): 3.6s
Same new server going directly and skipping firewall/load balancer: 1.8s
Rackspace has told us there is nothing we can do about it. Here is their response:
"...due to the traffic flow difference between the Public Cloud server and the RackConnected server behind the firewall & loadbalancer there's inherent latency involved.
The traffic flow for the RackConnected server goes Internet-->Rackspace Infrastructure-->Firewall-->Loadbalancer-->Loadbalancer SSL termination-->Loadbalancer CSW Redirect-->Loadbalancer Loadbalancing decision-->RackConnect infrastructure-->Cloud Server.
The traffic flow for the Public Cloud Server goes Internet-->Rackspace Infrastructure-->Cloud Server.
Each step in the traffic flow introduces overhead. The architect on my team confirmed that was the case, and that while we can try tweaking TCP profiles to reduce the latency that we'll never get down to the ~2 second load times that your Public Cloud Server has."
Is this indeed normal? I mean we must hit a lot of major websites every day that use firewalls and load balancers, you know, like Netflix, Google, YouTube, this site maybe, and they aren't noticeably slow. Should we truly be experiencing this kind of "half the speed" or should we find another host?
Thanks!
Hi There,
Additional hops would definitely introduce some lag as per my logic.
Kindly confirm how the same was tested.
Did you verify the parameters like CPU and Memory spikes on the firewall and loadbalancer? Even that could be a reason for the lag.
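One way to test where the extra 1.8 s goes, as an added example that is not part of the original thread: time each phase of a single HTTP(S) request (DNS, TCP connect, TLS handshake, time to first byte, body) against both the direct address and the load-balanced one, then compare. The function names and the sample timings below are assumptions made up for illustration.

```python
import socket
import ssl
import time

PHASES = ("dns", "tcp", "tls", "ttfb", "body")


def time_phases(host, port=443, path="/", use_tls=True, timeout=10.0):
    """Time one HTTP(S) GET and return seconds spent in each phase."""
    marks = [time.perf_counter()]
    family, kind, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    marks.append(time.perf_counter())            # name resolution done
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)                       # TCP handshake: one round trip
        marks.append(time.perf_counter())
        if use_tls:                              # TLS handshake: extra round trips
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        marks.append(time.perf_counter())
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                   "Connection: close\r\n\r\n")
        sock.sendall(request.encode("ascii"))
        received = len(sock.recv(1))             # block until first response byte
        marks.append(time.perf_counter())
        while chunk := sock.recv(65536):         # drain the rest of the response
            received += len(chunk)
        marks.append(time.perf_counter())
    finally:
        sock.close()
    result = {p: marks[i + 1] - marks[i] for i, p in enumerate(PHASES)}
    result["total"] = marks[-1] - marks[0]
    result["bytes"] = received
    return result


def biggest_delta(direct, via_lb):
    """Return (phase, extra_seconds) for the phase that grew the most."""
    phase = max(PHASES, key=lambda p: via_lb[p] - direct[p])
    return phase, via_lb[phase] - direct[phase]


if __name__ == "__main__":
    # Constructed timings for illustration, not measurements from the thread.
    direct = {"dns": 0.02, "tcp": 0.04, "tls": 0.14, "ttfb": 1.2, "body": 0.4}
    via_lb = {"dns": 0.02, "tcp": 0.08, "tls": 0.30, "ttfb": 2.4, "body": 0.8}
    print(biggest_delta(direct, via_lb))
```

Run `time_phases` several times per path and compare medians; growth concentrated in `tcp` and `tls` points at per-round-trip latency through the extra hops, while growth in `ttfb` or `body` points at how the load balancer proxies the request and response.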
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for BobCSD's comment #a41648280
Assisted answer: 250 points for dkotte's comment #a41639598
Assisted answer: 250 points for ARAKEL_IAN's comment #a41640110
for the following reason:
it's what fixed it.
ASKER
TCP Profiles were altered, but whatevs. I don't care what you do with it.
For example, NetScaler with load balancing and SSL offloading is known as a "web accelerator".