[jira] [Updated] (TC-29) Traffic Router TPS for HTTPS requests diminishes when reloading certificates

David Neuman (JIRA) Mon, 07 Nov 2016 06:53:24 -0800

     [ 
https://issues.apache.org/jira/browse/TC-29?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Neuman updated TC-29:
---------------------------
    Description: 
When Traffic Router reloads SSL certificates while processing HTTPS 
transactions, the TPS drops significantly. 


Example Log output during the drop in TPS: 

INFO  2016-11-07T14:05:23.363 [pool-2-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
https://to.kabletown.net/api/1.2/cdns/name/test-xc
r/sslkeys.json; timeout is 15000
INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
Entered processConfig
INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
Exiting processConfig: No json data to process
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
INFO  2016-11-07T14:05:43.399 [pool-17-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout is 
30000
INFO  2016-11-07T14:06:23.339 [pool-5-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher
 - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties


  was:
When Traffic Router is processing HTTPS transactions and then reloads 
certificates, the TPS drops significantly. It appears traffic router stops 
processing requests when it loads the certs and then continues processing again.


Example Log output during the drop in TPS: 

INFO  2016-11-07T14:05:23.363 [pool-2-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
https://to.kabletown.net/api/1.2/cdns/name/test-xc
r/sslkeys.json; timeout is 15000
INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
Entered processConfig
INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
Exiting processConfig: No json data to process
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] 
com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - 
No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
INFO  2016-11-07T14:05:43.399 [pool-17-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout is 
30000
INFO  2016-11-07T14:06:23.339 [pool-5-thread-1] 
com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher
 - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties



> Traffic Router TPS for HTTPS requests diminishes when reloading certificates
> ----------------------------------------------------------------------------
>
>                 Key: TC-29
>                 URL: https://issues.apache.org/jira/browse/TC-29
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Router
>            Reporter: David Neuman
>
> When Traffic Router reloads SSL certificates while processing HTTPS 
> transactions, the TPS drops significantly. 
> Example Log output during the drop in TPS: 
> INFO  2016-11-07T14:05:23.363 [pool-2-thread-1] 
> com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
> https://to.kabletown.net/api/1.2/cdns/name/test-xc
> r/sslkeys.json; timeout is 15000
> INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
> Entered processConfig
> INFO  2016-11-07T14:05:23.500 [New I/O worker #8] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - 
> Exiting processConfig: No json data to process
> ERROR 2016-11-07T14:05:24.760 [Thread-5] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker 
> - No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker 
> - No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker 
> - No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker 
> - No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] 
> com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker 
> - No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
> INFO  2016-11-07T14:05:43.399 [pool-17-thread-1] 
> com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: 
> https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout 
> is 30000
> INFO  2016-11-07T14:06:23.339 [pool-5-thread-1] 
> com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher
>  - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (TC-29) Traffic Router TPS for HTTPS requests diminishes when reloading certificates

Reply via email to