Link to home
Start Free TrialLog in
Avatar of Starr Duskk
Starr DuskkFlag for United States of America

asked on

Firewall Speed Issue

We host our site at Rackspace. We have our live server that is not behind a firewall. We recently setup a server to be used for load balancing which is behind a firewall.

When we tested it with exactly the same copy of the source code and database with no load balancers spun up, it runs at half the speed, meaning it is noticeably slower.

The new server is: Windows server 2012 R2 - 8GB General Purpose v1. Both are https.

Live server not behind firewall: 1.8s
New Server behind firewall and load balancer (but no duplicates spun up): 3.6s
Same new server going directly and skipping firewall/load balancer: 1.8s

Rackspace has told us there is nothing we can do about it. Here is their response:

"...due to the traffic flow difference between the Public Cloud server and the RackConnected server behind the firewall & loadbalancer there's inherent latency involved.

The traffic flow for the RackConnected server goes Internet-->Rackspace Infrastructure-->Firewall-->Loadbalancer-->Loadbalancer SSL termination-->Loadbalancer CSW Redirect-->Loadbalancer Loadbalancing decision-->RackConnect infrastructure-->Cloud Server.

The traffic flow for the Public Cloud Server goes Internet-->Rackspace Infrastructure-->Cloud Server.

Each step in the traffic flow introduces overhead. The architect on my team confirmed that was the case, and that while we can try tweaking TCP profiles to reduce the latency that we'll never get down to the ~2 second loadtimes that your Public Cloud Server has."

Is this indeed normal? I mean we must hit a lot of major websites everyday that use firewalls and load balancers, you know, like Netflix, Google, Youtube, this site maybe, and they aren't noticeably slow. Should we be truly experience this kind of "half the speed" or should we find another host?

Thanks!
Avatar of Dirk Kotte
Dirk Kotte
Flag of Germany image

what kind of firewall and loadbalancer do you use?
for example netscaler with loadbalancing and ssl offloading is known as "web accelerator"
Hi There,

Additional hops would definitely introduce some lag as per my logic.

Kindly confirm how the same was tested.

Did you verify the parameters like CPU and Memory spikes on the firewall and loadbalancer? Even that could be a reason for the lag.
ASKER CERTIFIED SOLUTION
Avatar of Starr Duskk
Starr Duskk
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Starr Duskk

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for BobCSD's comment #a41648280
Assisted answer: 250 points for dkotte's comment #a41639598
Assisted answer: 250 points for ARAKEL_IAN's comment #a41640110

for the following reason:

it's what fixed it.
TCP Profiles were altered, but whatevs. I don't care what you do with it.