[
https://issues.apache.org/jira/browse/HADOOP-15978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718202#comment-16718202
]
Daryn Sharp commented on HADOOP-15978:
--------------------------------------
Yes, complete compatibility is tantamount. I will not break the protocol.
With no TLS, any mix of Netty client/server will work. With TLS, both will
need to be Netty (although technically you should be able to use something like
NIO ipc + stunnel). A TLS enabled server with mandatory TLS will return a
protocol compliant error response that TLS is required.
I think an early prototype showed a ~4% degradation using Netty. It
re-implemented some of the code paths which aren't in this patch. The Netty
architecture is nice but is has more overhead than hadoop's highly optimized
ipc. Absorbing that overhead is going to be necessary to quickly get us to a
standard TLS implementation.
I'm soon going to disappear for probably the rest of the year so it would be
great if I can get some general review comments on the approach.
> Add Netty support to the RPC server
> -----------------------------------
>
> Key: HADOOP-15978
> URL: https://issues.apache.org/jira/browse/HADOOP-15978
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc, security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Major
> Attachments: HADOOP-15978.patch
>
>
> Adding Netty will allow later using a native TLS transport layer with much
> better performance than that offered by Java's SSLEngine.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
