DigitalOcean Loadbalancer: Slow TCP connections when traffic is higher



Edit: This question used to be focused on the Kubernetes side of things. It is now apparent that the problem is at the DigitalOcean Loadbalancer level.



I'm in the process of moving our service from Docker Swarm to a Kubernetes setup. The new K8S environment is up and running and I am starting to switch over traffic to the new K8S setup. However, when the traffic seems to be ramping up, it slows to a halt. The browser just spins for a while and then it loads snappily.



Running a simple curl -vvv https://thehostname.com and this happens



* Trying 12.123.123.123...
* Connected to thehostname.com (12.123.123.123) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1


Then it pauses on that line for a while and after around 30 seconds it loads the rest of the request.



The symptom is that when the amount of traffic increases, the response time increases. It starts at 0.5 seconds, and then steadily increases to 30 seconds and is capped there. When I turn off traffic, the response time goes back to normal. The number of requests per second isn't more than 20-30 at most when this starts happening.



It seems that the act of opening a TCP connection is the slow part. I'm in contact with DigitalOcean support, but so far it has not yielded anything as it probably needs to be escalated.










Tags: ssl, kubernetes, digital-ocean, haproxy, nginx-ingress






edited Mar 7 at 12:18 by Erik Rothoff
asked Feb 21 at 19:00 by Erik Rothoff






















1 Answer
The issue is most likely with the number of certificates in /etc/ssl/certs.
It says that 594 certs are found. Do you really need all of them? Validate them and remove unwanted ones. Also try to copy all certs into a file instead of maintaining one file for each cert.







answered Feb 21 at 19:13 by P Ekambaram












• This is something that happens in different browsers on different machines, Pingdom sees the 30 second requests and times out, my local machine, etc. This example just happened to run on a webserver with a lot of certificates. So I doubt it has anything to do with it? Or am I missing something? – Erik Rothoff, Feb 21 at 21:17
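The curl trace in the question prints "Connected" and the ALPN offer before it pauses, so timing local trust-store setup, the TCP connect and the TLS handshake separately shows which phase carries the delay. The probe below is an added example, not code from the question or the answer; `probe` and `start_stalling_listener` are hypothetical names, and the listener is a constructed local stand-in for an endpoint that accepts TCP but never answers the ClientHello.

```python
import socket
import ssl
import time


def start_stalling_listener():
    """Constructed stand-in for a saturated TLS terminator (an assumption).

    listen() without accept(): the kernel completes the TCP handshake from
    the backlog, but nothing ever answers the ClientHello.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv


def probe(host, port, timeout=5.0, server_hostname=None):
    """Time trust-store setup, TCP connect and TLS handshake separately."""
    out = {"ca_setup": None, "tcp_connect": None, "tls_handshake": None,
           "stalled_phase": None, "error": None}

    t0 = time.monotonic()
    ctx = ssl.create_default_context()    # local work only, no network I/O
    ctx.set_alpn_protocols(["http/1.1"])  # same ALPN offer as the curl trace
    out["ca_setup"] = time.monotonic() - t0

    t0 = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        out["tcp_connect"] = time.monotonic() - t0
        if isinstance(exc, socket.timeout):
            out["stalled_phase"] = "tcp_connect"
        else:
            out["error"] = repr(exc)
        return out
    out["tcp_connect"] = time.monotonic() - t0

    t0 = time.monotonic()
    try:
        # wrap_socket() sends the ClientHello and waits for the server's reply.
        tls = ctx.wrap_socket(sock, server_hostname=server_hostname or host)
        tls.close()
    except socket.timeout:
        out["stalled_phase"] = "tls_handshake"
    except (ssl.SSLError, OSError) as exc:
        out["error"] = repr(exc)
    finally:
        out["tls_handshake"] = time.monotonic() - t0
        sock.close()
    return out


if __name__ == "__main__":
    listener = start_stalling_listener()  # keep a reference so it stays open
    port = listener.getsockname()[1]
    for phase, value in probe("127.0.0.1", port, timeout=1.0,
                              server_hostname="thehostname.com").items():
        print(f"{phase:14} {value}")
```

Run against a real endpoint from several client machines, a `stalled_phase` of `tls_handshake` with a small `ca_setup` points at the remote TLS terminator rather than the client's certificate directory.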
















