camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: Performance Degradation due to Reverse DNS Lookups
Date Fri, 25 Oct 2013 08:30:24 GMT
Hi

I logged a ticket to not forget about this
https://issues.apache.org/jira/browse/CAMEL-6898

On Tue, Jun 25, 2013 at 11:19 AM, Claus Ibsen <claus.ibsen@gmail.com> wrote:
> On Tue, Jun 18, 2013 at 3:39 PM, rouble <r.ouble@gmail.com> wrote:
>> We already do something similar:
>> <SNIP>
>>                 SSLContext ctx = SSLContext.getInstance("SSL");
>>                 ctx.init(null, new TrustManager[] { new
>> TrustAllTrustManager() }, null);
>>                 SSLSocketFactory ssf = new SSLSocketFactory(ctx,
>> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>> </SNIP>
>>
>> This issue does not have to do with the host name verifier or with
>> camel per se, but more to do with the fact that Java core
>> implementation will try to do a reverse dns lookup when creating a
>> secure connection to an ip address. There are workarounds, but those
>> would need to be implemented in camel.
>>
>> Cheers
>> rouble
>>
>
> Yeah would be nice if we have a simple way of turning this on. Fell
> free to log a JIRA ticket.
>
>
>>
>>
>> On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang <willem.jiang@gmail.com> wrote:
>>> Hi,
>>>
>>> I'm not sure if setting the dummy implementation of X509HostnameVerifier can
resolve the issue.
>>> Can you try it to see if it work?
>>>
>>>
>>> --
>>> Willem Jiang
>>>
>>> Red Hat, Inc.
>>> FuseSource is now part of Red Hat
>>> Web: http://www.fusesource.com | http://www.redhat.com
>>> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
>>>           http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>> Twitter: willemjiang
>>> Weibo: 姜宁willem
>>>
>>>
>>>
>>>
>>>
>>> On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
>>>
>>>> In my router configuration I am specifying "https4" - is that what you
>>>> wanted to know?
>>>>
>>>> cheers
>>>> rouble
>>>>
>>>> On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang <willem.jiang@gmail.com (mailto:willem.jiang@gmail.com)>
wrote:
>>>> > Hi,
>>>> >
>>>> > There are lots of http related components can provide the https connection,
it could be helpful if you can tell us which http component you are using.
>>>> >
>>>> > --
>>>> > Willem Jiang
>>>> >
>>>> > Red Hat, Inc.
>>>> > FuseSource is now part of Red Hat
>>>> > Web: http://www.fusesource.com | http://www.redhat.com
>>>> > Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
>>>> > http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>>> > Twitter: willemjiang
>>>> > Weibo: 姜宁willem
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
>>>> >
>>>> > > Camel Dudes,
>>>> > >
>>>> > > We have detected a very strange issue in that our https routes
degrade
>>>> > > in performance when an ip address is used (as opposed to a domain
>>>> > > name).
>>>> > >
>>>> > > Turns out that the Java core libraries do reverse DNS lookup for
ip
>>>> > > address when SSL connections are created. Read all about it here:
>>>> > >
>>>> > > https://forums.oracle.com/forums/thread.jspa?threadID=1532033
>>>> > > http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup
>>>> > >
>>>> > > This becomes an issue when the IP address is not configured in
the DNS
>>>> > > server and the reverse DNS fails. In this case each connection
has to
>>>> > > wait for a timeout of the reverse DNS request before it can proceed.
>>>> > > This makes domain name connections faster than ip address connections
>>>> > > - which is backwards.
>>>> > >
>>>> > > Is this a known issue? There are a few workarounds/hacks recommended
>>>> > > on the interwebs, I was wondering if it would be possible to introduce
>>>> > > them into camel
>>>> > > (http://www.velocityreviews.com/forums/showpost.php?p=2959030&postcount=8).
>>>> > >
>>>> > > tia,
>>>> > > rouble
>>>> >
>>>>
>>>
>>>
>>>
>
>
>
> --
> Claus Ibsen
> -----------------
> www.camelone.org: The open source integration conference.
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email: cibsen@redhat.com
> Web: http://fusesource.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Mime
View raw message