Ali Cloud due to SLB caused by the slow HTTPS access speed problem

Since we've deployed HTTPS on the Aliyun SLB (see the problems and solutions for deploying HTTPS on SLB), we have friends who have a lot of feedback for us to log in slowly at logon (accessed via HTTPS), and some friends can't even access the login page.

When we log on ourselves, we have never experienced the problem of slow logon speed.

Before yesterday, we suspected that the networks used by these friends had some restrictions on HTTPS, and there was no doubt that the problem was related to Aliyun.

Last night @Bill Tsui the problem on flash memory, we let him use HTTP to access the speed immediately quickly, as long as the switch to HTTPS speed immediately slowed. This triggers us to put the suspect point of the problem into the Aliyun slb,http walk is the SLB seven-tier load balancing, while HTTPS goes to SLB four-tier load balancing (TCP).

Four-layer load balancing working principle (see four layer and seven layer load balance difference):

When the load balancing device receives the first SYN request from the client, it chooses an optimal server in the above way, and modifies the destination IP address in the message (to the back-end server IP) and forwards it directly to the server. TCP connection establishment, namely three times handshake is the client and the server establishes directly, the load balanced device only plays a similar router's forwarding action. In some deployment cases, in order to ensure that the server back pack can be correctly returned to the load balancing device, the message may be forwarded at the same time the original source address can be modified.

is SLB's handling of TCP causing some network line access speed slow?

When we put the suspect point in this place, immediately thought of authentication Method--Do not walk slb, directly through the cloud server for HTTPS access.

With the help of @Bill Tsui, we got the result: Slb,https access quickly became fast without going.

To further verify this suspicion, this morning we learned on flash memory some of the slow log friends, and then modify the login page of the domain name DNS, let it resolve to cloud server IP (do not go SLB); After the analysis, these friends feedback login speed immediately become quickly.

After this verification, we basically confirm the problem in SLB, we will feedback to Aliyun, hope to get Aliyun further verification.

Through this question, our experience is: cloud services a big challenge is that any one of the small problems can be magnified, a problem affects thousands of web sites on the cloud, it will affect the millions hundreds of millions of users on these sites.

Thank @Bill Tsui, @rsync, @ vinegar in this problem validation to provide help!

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/cloud-computing/