You are here

Home › How to detect and fix performance issues around Airlock

How to detect and fix performance issues around Airlock

Submitted on 13. March 2012 - 11:47 by foesch.
Last update on 28. January 2014 - 15:37.

Does your application seem to be slow? This guide will help you to find bottlenecks and resolve them.

The following issues are ordered from most important to less important. Check them step by step.

Ethernet interface settings

The most important issue with Ethernet is to have correct and corresponding Ethernet settings. This is speed and duplex mode, e.g. 100 Mbit full-duplex. It is crucial to have the same settings on the interfaces on both sides of the cable.

A little bit of history: In the past some systems did not perfectly negotiate their capabilities for the directly connected Ethernet interfaces. That's why some network administrator started to fix settings to, for example, 100 Mbit full-duplex. This works fine, if, and only if, both interfaces are fixed the same way. Later systems did fix the issue of bad negotiation, so that auto negotiation, the default, should work fine.

The Airlock Configuration Center is able to set network interface settings. Please use this to set them to exactly the same values as the directly connected switch, router or firewall.

CPU workload

Use the Dashboard in the Configuration Center to watch the CPU workload. It should be below 50% in high load situations in order to have enough power to process peak loads.

If the workload exceeds 50%, an additional CPU will help. 

Note: It is not recommended to add hardware SSL accelerators. Modern CPUs will do the same for less money

Timing information for requests and responses

Airlock provides timing information for requests and responses in the Log Viewer after enabling the check box "Show Application and Time columns". In the additional column "Time", the following information will be found:

request total 87808, allow/deny filters 583, backend responsiveness 85605, response processing 537, ICAP reqmod <n/a>, ICAP respmod <n/a>

Please have a look to the online manual to understand the meaning of these numbers.

Tracing the network

If the bottleneck is still not found, use tcpdump (or snoop for Airlock 4.2) to trace the network and record the traffic on different interfaces.

tcpdump -i eth1 port 8080 -w /tmp/backend.pcap

Copy the resulting file to a workstation, using WinSCP or similar, and then use Wireshark to analyse the packet flow. Check the following points:

  • Timing of the connect handshake
  • Existence of lost packets and retransmits
  • Timing of data packets
Knowledge Base Categories: 
Trouble-shooting
© Ergon Informatik AG