camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: Performance Degradation due to Reverse DNS Lookups
Date Tue, 25 Jun 2013 09:19:39 GMT
On Tue, Jun 18, 2013 at 3:39 PM, rouble <r.ouble@gmail.com> wrote:
> We already do something similar:
> <SNIP>
>                 SSLContext ctx = SSLContext.getInstance("SSL");
>                 ctx.init(null, new TrustManager[] { new
> TrustAllTrustManager() }, null);
>                 SSLSocketFactory ssf = new SSLSocketFactory(ctx,
> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
> </SNIP>
>
> This issue does not have to do with the host name verifier or with
> camel per se, but more to do with the fact that Java core
> implementation will try to do a reverse dns lookup when creating a
> secure connection to an ip address. There are workarounds, but those
> would need to be implemented in camel.
>
> Cheers
> rouble
>

Yeah would be nice if we have a simple way of turning this on. Fell
free to log a JIRA ticket.


>
>
> On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang <willem.jiang@gmail.com> wrote:
>> Hi,
>>
>> I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve
the issue.
>> Can you try it to see if it work?
>>
>>
>> --
>> Willem Jiang
>>
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://www.fusesource.com | http://www.redhat.com
>> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
>>           http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>> Twitter: willemjiang
>> Weibo: 姜宁willem
>>
>>
>>
>>
>>
>> On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
>>
>>> In my router configuration I am specifying "https4" - is that what you
>>> wanted to know?
>>>
>>> cheers
>>> rouble
>>>
>>> On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang <willem.jiang@gmail.com (mailto:willem.jiang@gmail.com)>
wrote:
>>> > Hi,
>>> >
>>> > There are lots of http related components can provide the https connection,
it could be helpful if you can tell us which http component you are using.
>>> >
>>> > --
>>> > Willem Jiang
>>> >
>>> > Red Hat, Inc.
>>> > FuseSource is now part of Red Hat
>>> > Web: http://www.fusesource.com | http://www.redhat.com
>>> > Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
>>> > http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>> > Twitter: willemjiang
>>> > Weibo: 姜宁willem
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
>>> >
>>> > > Camel Dudes,
>>> > >
>>> > > We have detected a very strange issue in that our https routes degrade
>>> > > in performance when an ip address is used (as opposed to a domain
>>> > > name).
>>> > >
>>> > > Turns out that the Java core libraries do reverse DNS lookup for ip
>>> > > address when SSL connections are created. Read all about it here:
>>> > >
>>> > > https://forums.oracle.com/forums/thread.jspa?threadID=1532033
>>> > > http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup
>>> > >
>>> > > This becomes an issue when the IP address is not configured in the
DNS
>>> > > server and the reverse DNS fails. In this case each connection has
to
>>> > > wait for a timeout of the reverse DNS request before it can proceed.
>>> > > This makes domain name connections faster than ip address connections
>>> > > - which is backwards.
>>> > >
>>> > > Is this a known issue? There are a few workarounds/hacks recommended
>>> > > on the interwebs, I was wondering if it would be possible to introduce
>>> > > them into camel
>>> > > (http://www.velocityreviews.com/forums/showpost.php?p=2959030&postcount=8).
>>> > >
>>> > > tia,
>>> > > rouble
>>> >
>>>
>>
>>
>>



--
Claus Ibsen
-----------------
www.camelone.org: The open source integration conference.

Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Mime
View raw message