Joe’s Blog!

Deathmatch may be an overstatement but here are the results from some performance benchmarking.

The Setup:

Server:

• CENTOS 5.1
• Dual 2.4GHz Xeon CPUs
• 4GB RAM
• RAID5 (4 x 15k disks)
• Server and test client were connected via a consumer grade 10/100 switch

Configurations:

• Basic static vhost
• Keepalive turned on and with timeout of 15 seconds
• GZIP turned on

I used autobench to perform the tests. Basically this is a perl script that sits on top of httperf and will run multiple tests in succession outputing the results to CSV. Awfully convenient.

All the tests were run against the same robots.txt file. Autobench ran the following command 20 times incrementing the request rate by 10 each time. I started at 10 requests per second and went up to 200.

httperf –timeout=5 –client=0/1 –server=HOST –port=80 –uri=/robots.txt –rate=X –send-buffer=4096 –recv-buffer=16384 –num-conns=5000 –num-calls=10

I performed two samples and arbitrarily used the second as the results shown here. At the bottom of this post I will have spreadsheet containing the data from these tests so you can check out all the results.

The Results:

Both web servers performed well in all the tests and had no issues completing the requests. So I will not mention the metrics that they finished very closely on, only the ones that they did not have similar results.

There were three httperf related tests that Nginx and Apache differed on more than small amount, reply rate, network I/O and response time.

This one really piqued my interest. It seems strange to me why we would see such a result from Apache. In both tests there was a big difference at the 700 request mark. Statistically the difference was only on the max reply rate. The average and minimum are within a few tenths of a percent consistent through the tests. The max for Apache in the first test was 734.7 and in the second 758.7, standard deviations of 13.9 and 22.9 respectively. I suppose the real question here is whether or not this is my test or how Apache acts. If it is the later it seems strange that dealing with 700 requests would be any different than dealing with 800. From 800 requests to 2000, the larger differences in these results seems more realistic, controlled and gradual.

The network I/O graph I find interesting mostly because I don’t know how to take it. On one hand it seems Apache is simply using more bandwidth to do the same number of requests as Nginx. Which would seem bad. On the other it could just mean that Apache does a better job of consuming and using the available pipe. Which would seem good. My hunch is that it is the former.

The response times are also interesting since Nginx responds consistently at 0.4 ms. I am not sure why this is since I don’t know the internals to Nginx but I imagine that it is something that is built into how it deals with requests.

While the httperf tests were running I collected sar data from that time. The results show that Nginx uses a good amount less CPU and produces equally less load.

Apache:

CPU:

Load:

Nginx:

CPU:

Load:

Thats all I got, pretty cool. Nginx seems to compete pretty well with Apache and there doesn’t seem like there is a good reason not to use it especially in CPU usage constrained situations (ie huge traffic, slow machines and etc).

Here’s my results spreadsheet for the detailed results of each httperf metric.

That’s be scary.

So I have started playing around with Nginx a bit, normally I am an Apache user. It seems to be the latest fad in web servers for the ruby on rails community. It’s a constant rotation. Last year it seemed that the web server of choice was lighttpd, I am sure for some it still is. Before mongrel, fastcgi was the way to connect your rails app to your web server, whether it be Apache or lighttpd. The first thing I noticed was the difference in the configuration files. They seem organized more like a script or etc rather than a normal linux configuration file. Overall it was pretty easy to replicate my Apache configuration files. I got gzip and expires rolling too. Anyway I will hopefully be putting some performance tests together, as soon as I do I will post them. Here’s a little test … Apache, Nginx head to head with Apachebench. I used a static file for the tests, robots.txt. From this easy test it seems that Nginx is pretty quick. Hopefully, there will be more to come.

Nginx:

Server Software: nginx/0.5.35
Server Hostname: HOST
Server Port: 80

Document Path: /robots.txt
Document Length: 204 bytes

Concurrency Level: 200
Time taken for tests: 1.503728 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 494984 bytes
HTML transferred: 204408 bytes
Requests per second: 665.01 [#/sec] (mean)
Time per request: 300.746 [ms] (mean)
Time per request: 1.504 [ms] (mean, across all concurrent requests)
Transfer rate: 321.20 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 17 91 43.3 99 174
Processing: 25 165 188.4 123 1140
Waiting: 18 135 141.9 113 1004
Total: 67 257 188.8 231 1175

Percentage of the requests served within a certain time (ms)
50% 231
66% 282
75% 290
80% 298
90% 475
95% 605
98% 1018
99% 1162
100% 1175 (longest request)

Apache:

Server Software: Apache/2.2.3
Server Hostname: HOST
Server Port: 80

Document Path: /robots.txt
Document Length: 204 bytes

Concurrency Level: 200
Time taken for tests: 8.891118 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 504510 bytes
HTML transferred: 205020 bytes
Requests per second: 112.47 [#/sec] (mean)
Time per request: 1778.224 [ms] (mean)
Time per request: 8.891 [ms] (mean, across all concurrent requests)
Transfer rate: 55.34 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 30 231.0 8 2999
Processing: 2 437 1153.2 164 8745
Waiting: 1 422 1115.7 162 8745
Total: 69 468 1175.9 169 8770

Percentage of the requests served within a certain time (ms)
50% 169
66% 182
75% 197
80% 223
90% 271
95% 4658
98% 4675
99% 6005
100% 8770 (longest request)

Who Cares?! I don’t want to ride in this crap.

Andy Hampsten on the Gavia on his way to winning the 1988 Giro.

In this article at the Washington Post they describe the experiences of a few travelers that have their laptops taken and they forced to type in their passwords so TSA/Customs could search for “information possibly tied to terrorism, narcotics smuggling, child pornography or other criminal activity”. The individuals in the article are rightfully concerned about their sensitive data on their electronic devices (Blackberrys, laptops etc) but also proprietary information to their employers. Whats more is one individual never got their laptop back. The cases in the article also bring up questions of racial/religious profiling. The whole notion of “let me read your email or you can’t get on this flight” and to quote the article, “the government’s laptop-equals-suitcase position” seems awfully ridiculous to me. The worst part of this is that the innocent people are the ones that are hurt. I have nothing to hide but that doesn’t mean I want government officials rummaging through my apartment or laptop. Here’s an interesting excerpt:

“It’s one thing to say it’s reasonable for government agents to open your luggage,” said David D. Cole, a law professor at Georgetown University. “It’s another thing to say it’s reasonable for them to read your mind and everything you have thought over the last year. What a laptop records is as personal as a diary but much more extensive. It records every Web site you have searched. Every e-mail you have sent. It’s as if you’re crossing the border with your home in your suitcase.”

If the government’s position on searches of electronic files is upheld, new risks will confront anyone who crosses the border with a laptop or other device, said Mark Rasch, a technology security expert with FTI Consulting and a former federal prosecutor. “Your kid can be arrested because they can’t prove the songs they downloaded to their iPod were legally downloaded,” he said. “Lawyers run the risk of exposing sensitive information about their client. Trade secrets can be exposed to customs agents with no limit on what they can do with it. Journalists can expose sources, all because they have the audacity to cross an invisible line.”

I have a business trip this spring, there is a good chance that I will be enabling filesystem encryption (easily done with Ubuntu at install time) on my machine should they confiscate it. In the end I would rather not get on the flight than hand over my laptop. They not only take your laptop and password, they take your privacy and rights as a US citizen away as well. If this happens to you inside the US, ask for a search warrant before handing anything over.

Support the EFF.