Hi,

I totally agree with Andy, and remark that https has a measurably lower performance than http. The only case
I know where the difference is small is the transfer of a big file, but can't comment for high parallelism
or about CPU limits.
For example, here is a snippet of the DPM nightly tests performing a stat storm towards
the trunk testbed. HTTP scores 10.3KHz, while HTTPS scores 9.4KHz. The server is Apache with
persistent connections, hence there are very few handshakes/connections.
I expect a much bigger difference in the case of a larger population of random clients
from different machines, as this case is pretty artificial; however, it shows a measurable
difference even in an easy case.

. http :: stat (0 sec)
.. http :: stat (0 sec) [local]
... http :: stat (10 sec) [local] Finished
PASS http :: stat (init: 0.10 sec, main: 4.84 sec)
Agent: jenkins-perf-tester01.cern.ch
Command: /usr/bin/hammer-http --url http://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k-heavy-read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0 --lastfile 50000 --initialization true --max-in-flight 1000
Assigned files [0-50000) and 40 threads
Rate: 10333.64 Hz
Latency span: from 0.00 to 0.04 sec
Rate: 10333.64 Hz
Latency span: from 0.00 to 0.04 sec

. https :: stat (0 sec)
.. https :: stat (0 sec) [local]
... https :: stat (10 sec) [local] Finished
PASS https :: stat (init: 0.14 sec, main: 5.30 sec)
Agent: jenkins-perf-tester01.cern.ch
Command: /usr/bin/hammer-http --url https://dpmhead-trunk.cern.ch//dpm/cern.ch/home/dteam/nightly-50k-heavy-read/ --nthreads 40 --cert /tmp/x509up_u0 --key /tmp/x509up_u0 --operation stat --firstfile 0 --lastfile 50000 --initialization true --max-in-flight 1000
Assigned files [0-50000) and 40 threads
Rate: 9438.29 Hz
Latency span: from 0.00 to 0.68 sec
Rate: 9438.29 Hz
Latency span: from 0.00 to 0.68 sec

Cheers
f

On 08/21/2018 01:55 AM, Andrew Hanushevsky wrote:
> @bbockelm <https://github.com/bbockelm> Actually, TLS does have some drawbacks that aren't revealed in the papers (so I'm not
> quite sure what they were actually measuring but I am quite sure they are the only ones who could repeat those measurements :-)
> Anyway, if you use TLS you can't use sendfile() nor can you use io vectors (i.e. readv() and writev()). Depending on your
> workload, the lack of those can increase CPU usage a significant amount. So, I think it's a bit misleading to simply say TLS is
> cheap. More accurately, TLS may be cheap depending on what you're doing.
>
> In any case, I think Fabrizio should fix the url tokens anyway. Though, I agree with you, this is a security headache.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/745#issuecomment-414501873>, or mute
> the thread <https://github.com/notifications/unsubscribe-auth/AFIaT9R99irSlnrCdPhdLqDhjvOxgmJFks5uS0x5gaJpZM4UrKaP>.
>



Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1