[jira] [Commented] (HADOOP-10768) Optimize Hadoop RPC encryption performance

Wed, 29 Nov 2017 18:58:56 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16272082#comment-16272082
 ] 

Dapeng Sun commented on HADOOP-10768:
-------------------------------------

HmacSHA1:
{noformat}
Total calls per second: 49716.0
CPU time per call on client: 19397 ns
CPU time per call on server: 37601 ns
{noformat}

HmacMD5:
{noformat}
Total calls per second: 50543.0
CPU time per call on client: 19293 ns
CPU time per call on server: 36630 ns
{noformat}

Configuration of RPCCallBenchmark:
{noformat}
          "--clientThreads", "30",
          "--serverThreads", "30",
          "--warmup", "60",
          "--time", "60",
          "--serverReaderThreads", "4",
          "--messageSize", "1024",
          "--qop", "INTEGRITY",
          "--cipher","AES/CTR/NoPadding",
          "--engine", "protobuf",
          "--sasl"
{noformat}


> Optimize Hadoop RPC encryption performance
> ------------------------------------------
>
>                 Key: HADOOP-10768
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10768
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: performance, security
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Yi Liu
>            Assignee: Dapeng Sun
>         Attachments: HADOOP-10768.001.patch, HADOOP-10768.002.patch, 
> HADOOP-10768.003.patch, HADOOP-10768.004.patch, HADOOP-10768.005.patch, 
> HADOOP-10768.006.patch, HADOOP-10768.007.patch, HADOOP-10768.008.patch, 
> Optimize Hadoop RPC encryption performance.pdf
>
>
> Hadoop RPC encryption is enabled by setting {{hadoop.rpc.protection}} to 
> "privacy". It utilized SASL {{GSSAPI}} and {{DIGEST-MD5}} mechanisms for 
> secure authentication and data protection. Even {{GSSAPI}} supports using 
> AES, but without AES-NI support by default, so the encryption is slow and 
> will become bottleneck.
> After discuss with [~atm], [~tucu00] and [~umamaheswararao], we can do the 
> same optimization as in HDFS-6606. Use AES-NI with more than *20x* speedup.
> On the other hand, RPC message is small, but RPC is frequent and there may be 
> lots of RPC calls in one connection, we needs to setup benchmark to see real 
> improvement and then make a trade-off. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to