[jira] [Commented] (HADOOP-12765) HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections

Mon, 15 Aug 2016 09:15:55 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15421199#comment-15421199
 ] 

Wei-Chiu Chuang commented on HADOOP-12765:
------------------------------------------

Hello [~mshen] thanks for updating the patch! Overall looks good to me. I 
noticed the new method you added {{createHttpsChannelConnector}} has some 
duplication with {{createDefaultChannelConnector}}. Can you please de-duplicate 
the code if feasible?

> HttpServer2 should switch to using the non-blocking SslSelectChannelConnector 
> to prevent performance degradation when handling SSL connections
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12765
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12765
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.2, 2.6.3
>            Reporter: Min Shen
>            Assignee: Min Shen
>         Attachments: HADOOP-12765.001.patch, HADOOP-12765.001.patch, 
> HADOOP-12765.002.patch, blocking_1.png, blocking_2.png, unblocking.png
>
>
> The current implementation uses the blocking SslSocketConnector which takes 
> the default maxIdleTime as 200 seconds. We noticed in our cluster that when 
> users use a custom client that accesses the WebHDFS REST APIs through https, 
> it could block all the 250 handler threads in NN jetty server, causing severe 
> performance degradation for accessing WebHDFS and NN web UI. Attached 
> screenshots (blocking_1.png and blocking_2.png) illustrate that when using 
> SslSocketConnector, the jetty handler threads are not released until the 200 
> seconds maxIdleTime has passed. With sufficient number of SSL connections, 
> this issue could render NN HttpServer to become entirely irresponsive.
> We propose to use the non-blocking SslSelectChannelConnector as a fix. We 
> have deployed the attached patch within our cluster, and have seen 
> significant improvement. The attached screenshot (unblocking.png) further 
> illustrates the behavior of NN jetty server after switching to using 
> SslSelectChannelConnector.
> The patch further disables SSLv3 protocol on server side to preserve the 
> spirit of HADOOP-11260.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to