SeaCat Performance Test

We decided to perform this test to validate our architectural, design and implementation decisions in regards to SeaCat performance. Our goal was to build the best-in-class product using the most advanced techniques to deliver highest possible throughput yet not compromising the security of the communication in any way. Results of the test have been fed back into our development team to improve further overall performance characteristics of the solution.

We want to illustrate SeaCat's performance related to HTTP and HTTPS protocols. SeaCat provides speed that is close to HTTP and the level of security that is at least equal to HTTPS. If performance is important to you, you will be able to put all three methods in some perspective.

Measured numbers should help you in deciding about your environment sizings.

Test configuration

The test environment has been configured using the following architectural recommendations (see bellow PDI diagram). We build it using Amazon AWS EC2 service.

image

The test based on launching GET request that retrieves a certain XML file from the HTTP host. This cycle of request and response is called transaction for the sake of this test.

We build custom performance tool for SeaCat, modelled after well-known ab tool from HTTP Apache server suite. ab tool is also used for reference testing of HTTP and HTTPS which is configured in the same way (or as much as possible).

We crafted 128 B, 512 B, 1 KiB, 2 KiB XML, 4 KiB, 8 KiB and 16 KiB XML files that are served by HTTP hosts during the test.

Further details of test configuration are attached at the end of this article.

Results

c3.xlarge (4 vCPU cores)

image

  HTTP HTTPS SeaCat
128 B XML 9634 869 13685
512 B XML 9724 868 13766
1 KiB XML 9492 860 14186
2 KiB XML 9554 866 13364
4 KiB XML 9469 859 11882
8 KiB XML 8876 850 10353
16 KiB XML 6054 831 5457

Numbers are in transactions per second.

c3.large (2 vCPU cores)

image

  HTTP HTTPS SeaCat
128 B XML 8111 511 8269
512 B XML 8406 511 8271
1 KiB XML 8932 512 8116
2 KiB XML 8376 512 7859
4 KiB XML 8407 511 7342
8 KiB XML 8291 510 6614
16 KiB XML 6249 508 3836

Numbers are in transactions per second.

Detailed information

SeaCat Gateway

  • Version: 14.03 (trial)
  • Number of child processes: (2 * number of CPU cores) + 2
  • Memory is non-critical: <500kb was used during the test
  • Number of open files (ulimit -n) has to be set reasonably high (e.g. 8192)

NGINX host servers

  • Version: 1.4.6
  • Number of workers (worker_processes): 32

Client test box

  • Custom build performance test client for SeaCat
  • 'ab' tool (from HTTP Apache toolbox) for HTTP and HTTPS reference test
  • $ ab -c8 -n100000 http://ip-...eu-west-1.compute.internal/1k.xml
  • $ ab -c8 -n10000 https://ip-....eu-west-1.compute.internal/1k.xml

Cryptography configuration of SeaCat and HTTPS

  • Protocol: TLSv1.2
  • Cypher: ECDHE-RSA-AES128-GCM-SHA256 (2048 bit RSA, 128 bit AES)
  • No client/server certificate trust validation

Amazon AWS details

  • Ubuntu Server 14.04 LTS (PV), SSD Volume Type - ami-e90dc49e (64-bit)
  • Root device type: ebs
  • Virtualization type: paravirtual
  • Dedicated placement group (cluster)
  • eu-west-1c
c3.large
  • High Frequency Intel Xeon E5-2680 v2 (Ivy Bridge) Processors
  • vCPU: 2
  • RAM: 3.75G
  • AES-NI present
c3.xlarge
  • High Frequency Intel Xeon E5-2680 v2 (Ivy Bridge) Processors
  • vCPU: 4
  • RAM: 7.5G
  • AES-NI present
c3.2xlarge
  • High Frequency Intel Xeon E5-2680 v2 (Ivy Bridge) Processors
  • vCPU: 8
  • RAM: 15G
  • AES-NI present
c3.8xlarge
  • High Frequency Intel Xeon E5-2680 v2 (Ivy Bridge) Processors
  • vCPU: 32
  • RAM: 60G
  • AES-NI present

Do you have a question?

Have a question we didn’t cover? Please feel free to contact us.

About the Author

Ales Teska

TeskaLabs’ founder and CEO, Ales Teska, is a driven innovator who proactively builds things and comes up with solutions to solve practical IT problems.


TurboCat.io

Data encryption tool for GDPR

More information


You Might Be Interested in Reading These Articles

SeaCat trial for iOS on Mac OSX

This blog entry is meant to help you to start using SeaCat component on your Xcode iOS development environment. It contains instructions how to install and configure SeaCat gateway and how to integrate SeaCat client into your iOS application. SeaCat gateway is a secure gate to the restricted network. It allows access only to selected HTTP hosts and prevents exposure of others. It also secures communication with SeaCat clients that are typically in the Internet. SeaCat client becomes part of said mobile application and provides secured channel to SeaCat gateway and to target hosts in the restricted network. It ensures mutual security of the connection and transferred data.

Continue reading ...

tech trial ios osx

Published on March 14, 2014

The Outrageous Cost of HTTPS - Why?

Mobile applications use HTTP communication between the application backend and the clients. Because of the demand for higher level of security, IT people implement HTTPS by setting up certificates issued by LetsEncrypt Certification Authority in their application backend server. The shift between non secure HTTP connections to HTTPS connections leads to a significant increase of amount of data being transferred from/to the clients. How is this possible?

Continue reading ...

tech

Published on June 14, 2016

SeaCat Tutorial - Chapter 5: Using Parse.com with REST Integration (iOS)

As the market with Cloud Computing and Mobile devices is getting bigger, there is another specific option available. It's called (Mobile)Backend-As-A-Service (BAAS) and it is extremely useful in situations we want to subscribe a complex backend service (alongside the core backend solution, there is usually a lot of additional functionality and statistics) and primary focus on development of client part of mobile apps for instance.

Continue reading ...

tech tutorial ios osx

Published on January 31, 2015