Hi, I totally agree with Andy, and remark that https has a measurably lower performance than http. The only case I know where the difference is small is the transfer of a big file, but can't comment for high parallelism or about CPU limits. For example, here is a snippet of the DPM nightly tests performing a stat storm towards the trunk testbed. HTTP scores 10.3KHz, while HTTPS scores 9.4KHz. The server is Apache with persistent connections, hence there are very few handshakes/connections. I expect a much bigger difference in the case of a larger population of random clients from different machines, as this case is pretty artificial, however it shows a measurable difference even in an easy case. . http :: stat (0 sec) .. http :: stat (0 sec) [local] ... http :: stat (10 sec) [local] Finished PASS http :: stat (init: 0.10 sec, main: 4.84 sec) Agent: jenkins-perf-tester01.cern.ch Command: /usr/bin/hammer-http --url http://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k-heavy- read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0 --lastfile 50000 --initialization true --max-in-flight 1000 Assigned files [0-50000) and 40 threads Rate: 10333.64 Hz Latency span: from 0.00 to 0.04 sec Rate: 10333.64 Hz Latency span: from 0.00 to 0.04 sec . https :: stat (0 sec) .. https :: stat (0 sec) [local] ... https :: stat (10 sec) [local] Finished PASS https :: stat (init: 0.14 sec, main: 5.30 sec) Agent: jenkins-perf-tester01.cern.ch Command: /usr/bin/hammer-http --url https://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k- heavy-read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0 --lastfile 50000 --initialization true --max-in-flight 1000 Assigned files [0-50000) and 40 threads Rate: 9438.29 Hz Latency span: from 0.00 to 0.68 sec Rate: 9438.29 Hz Latency span: from 0.00 to 0.68 sec Cheers f On 08/21/2018 01:55 AM, Andrew Hanushevsky wrote: > @bbockelm <https://github.com/bbockelm> Actually, TLS does have some drawbacks that aren't revealed in the papers (so I'm not > quite sure what they were actually measuring but I am quite sure they are the only ones who could repeat those measurements :-) > Anyway, if you use TLS you can't use sendfile() nor can you use io vectors (i.e. readv() and writev()). Depending on your > workload, the lack of those can increase CPU usage a significant amount. So, I think it's a bit misleading to simply say TLS is > cheap. More accurately, TLS may be cheap depending on what you're doing. > > In any case, I think Fabrizio should fix the url tokens anyway. Though, I agree with you, this is a security headache. > > — > You are receiving this because you commented. > Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/745#issuecomment-414501873>, or mute > the thread <https://github.com/notifications/unsubscribe-auth/AFIaT9R99irSlnrCdPhdLqDhjvOxgmJFks5uS0x5gaJpZM4UrKaP>. > -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/745#issuecomment-414583897 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1