

Lessons learned tuning TCP and Nginx in EC2 - jlintz
http://engineering.chartbeat.com/2014/02/12/part-2-lessons-learned-tuning-tcp-and-nginx-in-ec2/

======
larsmak
If I understand this correctly then the huge improvement in latency (from
200ms to 3ms) comes from not having to deal with slow clients directly.
Traffic to your front-end server is now only from ELB, and ELB is
"spoon-feeding" the web-clients. This is true if you are using ELB in "http-mode".
This also explains why you can cut the front-end servers by 20% - as each
request is handled more efficiently (lower latency equals higher throughput).
Also, connection-reuse is more efficient as the set of servers in the ELB-pool
is more limited than the set of web-clients.

------
reedloden
ELBs have terrible TLS support... Cipher suite choice and ordering support is
abysmal, and they only recently started supporting newer TLS versions. OCSP
stapling isn't supported either.

[https://wiki.mozilla.org/Security/Server_Side_TLS#Amazon_Web...](https://wiki.mozilla.org/Security/Server_Side_TLS#Amazon_Web_Services_Elastic_Load_Balancer_.28AWS_ELB.29)
gives more information if you're curious.

------
falcolas
Small note - gratuitous ARP and traditional VIPs are available within a VPC.

~~~
jlintz
interesting, I can't find anything that supports this. Do you have a link to a
doc?

edit: or are you referring to using ENIs?

~~~
falcolas
Sure, here you go. Basically, you can set up a private subnet, from which you
can use any IP.

[http://aws.amazon.com/articles/2127188135977316](http://aws.amazon.com/articles/2127188135977316)

~~~
wmf
It looks like this is using APIs not ARP to move the IP address; am I wrong?

~~~
mh-
that's correct as far as I understand the capabilities in VPC.

------
gog
Check your site with Ghostery, the CSS does not load.

~~~
taf2
sounds like a bug in Ghostery?

~~~
scottbruin
I see this issue a lot with blogs related to tracking companies (Mixpanel, for
example). These companies are serving their blog CSS from the same hostname as
they serve their tracking code, so Ghostery blocks it.

