[jira] [Commented] (HDFS-9854) Log cipher suite negotiation more verbosely

Wed, 24 Feb 2016 13:07:29 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-9854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15163806#comment-15163806
 ] 

Hudson commented on HDFS-9854:
------------------------------

FAILURE: Integrated in Hadoop-trunk-Commit #9362 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/9362/])
HDFS-9854. Log cipher suite negotiation more verbosely. Contributed by 
(cnauroth: rev d1dd248b756e5a323ac885eefd3f81a639d6b86f)
* 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
* hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java


> Log cipher suite negotiation more verbosely
> -------------------------------------------
>
>                 Key: HDFS-9854
>                 URL: https://issues.apache.org/jira/browse/HDFS-9854
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>              Labels: encryption, supportability
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-12816.001.patch
>
>
> We've had difficulty probing the root cause of performance slowdown with 
> in-transit encryption using AES-NI. We finally found the root cause was the 
> Hadoop client did not configure encryption properties correctly, so they did 
> not negotiate AES cipher suite when creating an encrypted stream pair, 
> despite the server (a data node) supports it. Existing debug message did not 
> help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on 
> the same data node, but that refers to the communication with other data 
> nodes.
> It would be really helpful to log a debug message if a SASL server configures 
> AES cipher suite, but the SASL client doesn't, or vice versa. This debug 
> message should also log the client address to differentiate it from other 
> stream pairs. 
> More over, the debug message "Server using cipher suite AES/CTR/NoPadding" 
> should also be extended to include the client's address.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to