No Performance Gains When wrk Is Used to Test Nginx+KAE
Symptom
In the same software and hardware conditions, when the httpress tool is used to test the HTTPS short connection performance of Nginx, the performance is greatly improved after KAE is enabled. However, when the wrk tool is used for testing, the performance is not improved after KAE is enabled.
Key Process and Cause Analysis
Cause analysis: The wrk tool uses TLS reconnection. During the stress test, only one key exchange operation is performed, indicating a low RSA encryption proportion. As a result, the acceleration effect is not obvious.
Process analysis: According to the wrk source code (see Figure 1), the client hello sub-message is sent in the client handshake phase, and the session ID in the sub-message is empty. After a complete handshake phase, the client and server store the session ID locally (in the client memory and server cache respectively). After the session is closed and when the same HTTPS website is accessed next time, the client browser carries the session ID in the client hello sub-message. After receiving the request, the server matches the received session ID with that stored in the server cache. If matched, the server restores the previous TLS connection and uses the previously negotiated key instead of re-negotiating the key. In this case, the RSA algorithm is invoked only once.
Conclusion and Solution
KAE accelerates the RSA algorithm in the handshake phase. If the stress test tool uses TLS reconnection, the acceleration effect is not obvious. In this case, you are advised to use another tool, such as httpress.