fix(proxy): reduce SSL connection overhead by setting TCP_NODELAY #15
Open
nik-localstack wants to merge 1 commit into
Set TCP_NODELAY on both the client-facing and proxy-to-PostgreSQL sockets to disable Nagle's algorithm.

PostgreSQL's connection startup involves rapid small-message exchanges (auth, parameter status, ready-for-query), and with SSL there are additional round trips for the SSLRequest handshake. Nagle's buffering was delaying these small packets by up to 40ms each, compounding into significant latency for workloads that open many short-lived connections.

Measured improvement on 101 connections x 3 queries: SSL overhead reduced from +6s to +2s vs no-SSL baseline. Per-query overhead with connection reuse is unaffected (remains ~0s).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
TCP_NODELAY on both the client-facing socket and the proxy-to-PostgreSQL socket
Background
SSL connections through the proxy showed ~3x latency overhead compared to no-SSL for workloads that open many short-lived connections (the customer-reported pattern). Root cause analysis showed the overhead was entirely in connection setup, not per-query processing (a single reused connection had no measurable difference between SSL and no-SSL).
PostgreSQL connection startup is a rapid exchange of small messages (auth, parameter status, ready-for-query). With SSL there are even more round trips (SSLRequest → "S" → TLS handshake → startup). Nagle's algorithm was delaying each of these small packets, compounding the latency.
TCP_NODELAY is the standard setting for interactive protocol proxies. libpq and JDBC both set it unconditionally.
Results
Measured with 101 connections × 3 queries each:
Related readings
https://en.wikipedia.org/wiki/Nagle%27s_algorithm
https://brooker.co.za/blog/2024/05/09/nagle.html
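The two-socket setting described in this pull request, as an added example that is not the PR's own code: a loopback client, proxy and stand-in server exchange the SSLRequest and its one-byte "S" answer, and the proxy reads TCP_NODELAY back from both legs to confirm it took effect. Python and the names `disable_nagle`, `fake_postgres`, `proxy_once` and `run_demo` are assumptions made for the illustration.

```python
import socket
import struct
import threading

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def disable_nagle(sock):
    """Set TCP_NODELAY and return what the kernel reports back for it."""
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY) != 0


def fake_postgres(listener):
    """Constructed stand-in for PostgreSQL: answer one SSLRequest with b'S'."""
    conn, _ = listener.accept()
    with conn:
        if conn.recv(8, socket.MSG_WAITALL) == SSL_REQUEST:
            conn.sendall(b"S")


def proxy_once(listener, upstream_addr, flags):
    """Accept one client, open the upstream leg, set TCP_NODELAY on both
    sockets, then relay the SSLRequest and its one-byte answer."""
    client, _ = listener.accept()
    upstream = socket.create_connection(upstream_addr)
    with client, upstream:
        flags["client"] = disable_nagle(client)
        flags["upstream"] = disable_nagle(upstream)
        upstream.sendall(client.recv(8, socket.MSG_WAITALL))
        client.sendall(upstream.recv(1))


def run_demo():
    """Run client -> proxy -> stand-in server on loopback; return (reply, flags)."""
    pg = socket.create_server(("127.0.0.1", 0))
    px = socket.create_server(("127.0.0.1", 0))
    flags = {}
    workers = [
        threading.Thread(target=fake_postgres, args=(pg,)),
        threading.Thread(target=proxy_once, args=(px, pg.getsockname(), flags)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(px.getsockname()) as client:
        client.sendall(SSL_REQUEST)
        reply = client.recv(1)
    for w in workers:
        w.join()
    pg.close()
    px.close()
    return reply, flags
```

Reading the option back with `getsockopt` is a cheap regression check that both legs of the proxy keep the setting after later refactors.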