The Internet has experienced explosive growth in recent years. The emergence of the World Wide Web has enabled millions of users around the world to easily download web resources containing text, graphics, video, and sound data while at home, work, or from remote locations via wireless devices. These web resources often are large in size and therefore require a long time to download, causing the user delay and frustration. Delay often causes users to abandon the requested web page and move on to another web page, resulting in lost revenue and exposure for many commercial web sites.
One cause of delay is accumulation of Hypertext Transfer Protocol (HTTP) requests within a Transmission Control Protocol (TCP) buffer of a server socket. When a user requests a web page, a web browser sends HTTP requests to a server socket via an established TCP connection. When the server does not process requests to a socket quickly enough, HTTP requests build up in the TCP buffer for that socket, resulting in processing delay in that socket.
An additional cause of delay is socket-related overhead processing. Conventional networking systems open up a server socket for each client that connects to the server, so that server overhead tends to increase in proportion to the number of connected clients. A given server can efficiently handle only so much overhead at once. Accordingly, the one-socket-per-client approach fundamentally limits the number of clients that can simultaneously access a server.
These problems are magnified for secure transactions, such as transactions using the Secure Sockets Layer (SSL) protocol, due to key exchanges and other security-related overhead processing. Under high loads, server response times drastically slow down, and clients often “time out” pending requests, and tear down and attempt to reestablish the connection. For each connection that is reestablished, a new key exchange must take place, and a new “slow start” procedure must be followed, in which TCP requests are initially sent at a slower rate to avoid network congestion. The constant tearing down and reestablishment of connections prevents the SSL traffic from receiving the time-saving benefits of so-called “persistent connections” enabled in HTTP 1.1, over which requests and replies may be “pipelined” in a non-serial manner. This places additional burden on the SSL server. The result is that connections using the SSL protocol tend to be much slower than non-SSL connections.
One prior approach to the problem of slow SSL connections is SSL session ID caching and reuse. According to this approach, the server caches an SSL session ID for each SSL session. The session ID is shared with the client, and is valid for a predetermined period of time, such as 10 minutes. If the SSL connection between the server and client times out or is otherwise terminated, the client can reconnect to the server and announce its SSL session ID. The server is configured to check the announced session ID against a cache of stored session IDs, and, if a valid match is detected, reestablish the SSL connection without a new key exchange, thereby saving time. Under heavy loads, however, SSL session ID caching and reuse has the drawback that the server must manage a large cache of SSL session IDs, which significantly slows down server performance.
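The session ID caching and reuse described above can be sketched as follows. This is an added illustration, not code from the original document: the class and function names, the 10,000-entry bound and the random bytes standing in for the key exchange are assumptions, and no real SSL library is involved.

```python
import secrets
import time
from collections import OrderedDict


class SessionCache:
    """Hypothetical server-side cache: SSL session ID -> (master secret, expiry)."""

    def __init__(self, lifetime_s=600, max_entries=10000, clock=time.monotonic):
        self.lifetime_s = lifetime_s    # 10 minutes, the example period in the text
        self.max_entries = max_entries  # assumed bound; every entry costs memory
        self.clock = clock
        self._entries = OrderedDict()   # insertion order doubles as age order

    def new_session(self):
        """Full handshake: random bytes stand in for the costly key exchange."""
        session_id = secrets.token_bytes(32)     # SSL session IDs are at most 32 bytes
        master_secret = secrets.token_bytes(48)  # SSL master secrets are 48 bytes
        self._entries[session_id] = (master_secret, self.clock() + self.lifetime_s)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)    # evict the oldest session
        return session_id, master_secret

    def resume(self, session_id):
        """Return the cached secret for a valid, unexpired ID, otherwise None."""
        entry = self._entries.get(session_id)
        if entry is None:
            return None
        master_secret, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[session_id]        # never resume an expired session
            return None
        return master_secret


def handshake(cache, announced_id=None):
    """Return (kind, session_id, master_secret) for one client connection."""
    if announced_id is not None:
        secret = cache.resume(announced_id)
        if secret is not None:
            return "abbreviated", announced_id, secret  # no new key exchange
    session_id, secret = cache.new_session()            # unknown, expired or absent ID
    return "full", session_id, secret
```

Every reconnecting client costs a lookup and every new session costs an insert and possibly an eviction, which is the cache-management load the paragraph refers to.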
Further contributing to slow SSL connections, the security policies of many financial institutions require that all internal web-based transmission of financial information be conducted over secure connections. Thus, when a user accesses a bank web site, secure connections are required not only for the connection from the user to the bank, but also for all internal connections carrying the financial information between servers within the bank. The problems described above occur for each of multiple SSL connections involved in processing the user's request, further slowing overall response times. To combat these slow response times, financial institutions have been forced to deploy a higher number of servers than non-secure entities to service the same number of client connections. This results in higher costs for the financial institutions, which are ultimately passed on to consumers.