Intel QAT nginx
With the nginx HTTPS test, we get to use something that many people do not know exists. we are going to look at the nginx HTTPS TLS handshake performance using QAT Engine. This is going to encompass both the hardware offload, but also the IPP using onboard Ice Lake extensions. Since performance is going to vary a lot based on our different cases, we are aiming for 45,000 connections per second and adjusting the various solutions to achieve around that mark by dialing up and down threads as well as testing the different placement of the threads on the chips.
To give some sense of where the acceleration is happening, Intel has this diagram that shows where it accelerates the HTTPS TLS handshake that we dug up for our QAT card piece:
With that, let us take a look at the performance.
Intel used 67 cores in its slide, and that felt odd. We tried from 64-128, and that was the right number to get to this ~65Gbps range. Our numbers were slightly closer than Intel’s internal numbers, but that was because of the massive cooling again we had in the EPYC system.
Astute readers may have noticed two things here. First, there is a massive jump from Ice Lake to Sapphire. A big part of that is actually because we had to use hyper-threading to get to the ~45Gbps we used to match the add-in card accelerator. With Sapphire and Milan, we have the core count to stay on physical cores and scale to the ~65Gbps range. Still, looking at the numbers a bit closer, interesting patterns emerge:
First, Milan, with no acceleration in the base case, is actually beating Sapphire Rapids. Remember that Genoa is a performance uplift. QAT Engine is just using Intel Ice Lake / Sapphire instructions to accelerate the workload, not the QAT hardware acceleration block. That is a massive gain just from swapping out libraries. The QAT hardware accelerator is faster than the PCIe card version that we looked at previously. That is a big deal for Sapphire Rapids. Not only are we getting built-in acceleration, but we are also getting faster than even the previous generation add-in cards offered.
Next, let us get to our final words on this one.