[jira] [Commented] (CLOUDSTACK-9348) CloudStack Server degrades when a lot of connections on port 8250

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15272663#comment-15272663
 ] 

ASF GitHub Bot commented on CLOUDSTACK-9348:
--------------------------------------------

Github user rhtyd commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1493#discussion_r62219725
  
    --- Diff: utils/src/test/java/com/cloud/utils/testcase/NioTest.java ---
    @@ -19,146 +19,208 @@
     
     package com.cloud.utils.testcase;
     
    -import java.nio.channels.ClosedChannelException;
    -import java.util.Random;
    -
    -import junit.framework.TestCase;
    -
    -import org.apache.log4j.Logger;
    -import org.junit.Assert;
    -
    +import com.cloud.utils.concurrency.NamedThreadFactory;
     import com.cloud.utils.exception.NioConnectionException;
     import com.cloud.utils.nio.HandlerFactory;
     import com.cloud.utils.nio.Link;
     import com.cloud.utils.nio.NioClient;
     import com.cloud.utils.nio.NioServer;
     import com.cloud.utils.nio.Task;
     import com.cloud.utils.nio.Task.Type;
    +import org.apache.log4j.Logger;
    +import org.junit.After;
    +import org.junit.Assert;
    +import org.junit.Before;
    +import org.junit.Test;
    +
    +import java.io.IOException;
    +import java.net.InetSocketAddress;
    +import java.nio.channels.ClosedChannelException;
    +import java.nio.channels.Selector;
    +import java.nio.channels.SocketChannel;
    +import java.util.ArrayList;
    +import java.util.List;
    +import java.util.Random;
    +import java.util.concurrent.ExecutorService;
    +import java.util.concurrent.Executors;
     
     /**
    - *
    - *
    - *
    - *
    + * NioTest demonstrates that NioServer can function without getting its 
main IO
    + * loop blocked when an aggressive or malicious client connects to the 
server but
    + * fail to participate in SSL handshake. In this test, we run bunch of 
clients
    + * that send a known payload to the server, to which multiple malicious 
clients
    + * also try to connect and hang.
    + * A malicious client could cause denial-of-service if the server's main 
IO loop
    + * along with SSL handshake was blocking. A passing tests shows that 
NioServer
    + * can still function in case of connection load and that the main IO loop 
along
    + * with SSL handshake is non-blocking with some internal timeout mechanism.
      */
     
    -public class NioTest extends TestCase {
    +public class NioTest {
    +
    +    private static final Logger LOGGER = Logger.getLogger(NioTest.class);
    +
    +    // Test should fail in due time instead of looping forever
    +    private static final int TESTTIMEOUT = 300000;
     
    -    private static final Logger s_logger = Logger.getLogger(NioTest.class);
    +    final private int totalTestCount = 5;
    +    private int completedTestCount = 0;
     
    -    private NioServer _server;
    -    private NioClient _client;
    +    private NioServer server;
    +    private List<NioClient> clients = new ArrayList<>();
    +    private List<NioClient> maliciousClients = new ArrayList<>();
     
    -    private Link _clientLink;
    +    private ExecutorService clientExecutor = 
Executors.newFixedThreadPool(totalTestCount, new 
NamedThreadFactory("NioClientHandler"));;
    +    private ExecutorService maliciousExecutor = 
Executors.newFixedThreadPool(5*totalTestCount, new 
NamedThreadFactory("MaliciousNioClientHandler"));;
     
    -    private int _testCount;
    -    private int _completedCount;
    +    private Random randomGenerator = new Random();
    +    private byte[] testBytes;
     
         private boolean isTestsDone() {
             boolean result;
             synchronized (this) {
    -            result = _testCount == _completedCount;
    +            result = totalTestCount == completedTestCount;
    --- End diff --
    
    @swill I'll try to reproduce and fix with a patch to reduce the numbers. 
Test count 0 to len -1 is still a total `len` counts so this is correct. 
Consider then, 0 to 4 is `0, 1, 2, 3 , 4` --> they are 5 runs/rounds/counts


> CloudStack Server degrades when a lot of connections on port 8250
> -----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9348
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9348
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.9.0
>
>
> An intermittent issue was found with a large CloudStack deployment, where 
> servers could not keep agents connected on port 8250.
> All connections are handled by accept() in NioConnection:
> https://github.com/apache/cloudstack/blob/master/utils/src/main/java/com/cloud/utils/nio/NioConnection.java#L125
> A new connection is handled by accept() which does blocking SSL handshake. A 
> good fix would be to make this non-blocking and handle expensive tasks in 
> separate threads/pool. This way the main IO loop won't be blocked and can 
> continue to serve other agents/clients.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)