Hi,
I totally agree with Andy, and remark that https has a measurably lower performance than http. The only case
I know where the difference is small is the transfer of a big file, but can't comment for high parallelism
or about CPU limits.
For example, here is a snippet of the DPM nightly tests performing a stat storm towards
the trunk testbed. HTTP scores 10.3KHz, while HTTPS scores 9.4KHz. The server is Apache with
persistent connections, hence there are very few handshakes/connections.
I expect a much bigger difference in the case of a larger population of random clients
from different machines, as this case is pretty artificial, however it shows a measurable
difference even in an easy case.
. http :: stat (0 sec)
.. http :: stat (0 sec) [local]
... http :: stat (10 sec) [local] Finished
PASS http :: stat (init: 0.10 sec, main: 4.84 sec)
Agent: jenkins-perf-tester01.cern.ch
Command: /usr/bin/hammer-http --url http://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k-heavy-
read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0 --lastfile
50000 --initialization true --max-in-flight 1000
Assigned files [0-50000) and 40 threads
Rate: 10333.64 Hz
Latency span: from 0.00 to 0.04 sec
Rate: 10333.64 Hz
Latency span: from 0.00 to 0.04 sec
. https :: stat (0 sec)
.. https :: stat (0 sec) [local]
... https :: stat (10 sec) [local] Finished
PASS https :: stat (init: 0.14 sec, main: 5.30 sec)
Agent: jenkins-perf-tester01.cern.ch
Command: /usr/bin/hammer-http --url https://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k-
heavy-read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0
--lastfile 50000 --initialization true --max-in-flight 1000
Assigned files [0-50000) and 40 threads
Rate: 9438.29 Hz
Latency span: from 0.00 to 0.68 sec
Rate: 9438.29 Hz
Latency span: from 0.00 to 0.68 sec
Cheers
f
On 08/21/2018 01:55 AM, Andrew Hanushevsky wrote:
> @bbockelm <https://github.com/bbockelm> Actually, TLS does have some drawbacks that aren't revealed in the papers (so I'm not
> quite sure what they were actually measuring but I am quite sure they are the only ones who could repeat those measurements :-)
> Anyway, if you use TLS you can't use sendfile() nor can you use io vectors (i.e. readv() and writev()). Depending on your
> workload, the lack of those can increase CPU usage a significant amount. So, I think it's a bit misleading to simply say TLS is
> cheap. More accurately, TLS may be cheap depending on what you're doing.
>
> In any case, I think Fabrizio should fix the url tokens anyway. Though, I agree with you, this is a security headache.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/745#issuecomment-414501873>, or mute
> the thread <https://github.com/notifications/unsubscribe-auth/AFIaT9R99irSlnrCdPhdLqDhjvOxgmJFks5uS0x5gaJpZM4UrKaP>.
>
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/745#issuecomment-414583897
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
