Return-Path: 
 <users-return-44159-apmail-camel-users-archive=camel.apache.org@camel.apache.org>
X-Original-To: apmail-camel-users-archive@www.apache.org
Delivered-To: apmail-camel-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 750A2109D2
	for <apmail-camel-users-archive@www.apache.org>;
 Fri, 25 Oct 2013 08:31:14 +0000 (UTC)
Received: (qmail 37833 invoked by uid 500); 25 Oct 2013 08:31:12 -0000
Delivered-To: apmail-camel-users-archive@camel.apache.org
Received: (qmail 37802 invoked by uid 500); 25 Oct 2013 08:31:12 -0000
Mailing-List: contact users-help@camel.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@camel.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@camel.apache.org>
List-Post: <mailto:users@camel.apache.org>
List-Id: <users.camel.apache.org>
Reply-To: users@camel.apache.org
Delivered-To: mailing list users@camel.apache.org
Received: (qmail 37794 invoked by uid 99); 25 Oct 2013 08:31:11 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Oct 2013 08:31:11 +0000
X-ASF-Spam-Status: No, hits=0.3 required=5.0
	tests=FREEMAIL_REPLY,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of claus.ibsen@gmail.com
 designates 209.85.223.173 as permitted sender)
Received: from [209.85.223.173] (HELO mail-ie0-f173.google.com)
 (209.85.223.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Oct 2013 08:31:06 +0000
Received: by mail-ie0-f173.google.com with SMTP id u16so5713316iet.4
        for <users@camel.apache.org>; Fri, 25 Oct 2013 01:30:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type:content-transfer-encoding;
        bh=93Os/TyJ8CAd5KquFlv7ZRpeio6wXvXnE2ZFeXC0I5I=;
        b=q7fjvBp8EPkuPxm0G3TUNx3GKzQZSBov4Ldk0e94Pj/7Tg9fpz4qEd41N4/7UEqDLF
         9Zt/dKVUxD81NYPbouMF259/QVxB5jSWIxcQiDI0MUeYUyhbZklvUc5LQtX78WI4Tto9
         bIM+pU6Q9Qu8zcapp0yOnnZBnodtLFFKZXHYKYTNrfhhsF+k3KuOBNbatoi2PMsnZXMS
         y3FpDE+cdFDxaQ7sqzmuFTGUAf9ipex9iWKy8s1sKdE0fk6OUa0CVfX7szar0ZuKAol6
         07NJvb9XUPvlvE8hH9Rj9iViYu/qD/vXqyx/oLJmkiO4YIqHg+l2TRsHsTSpRvG6H5pK
         i7Kg==
X-Received: by 10.50.39.84 with SMTP id n20mr1269293igk.14.1382689844682; Fri,
 25 Oct 2013 01:30:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.168.38 with HTTP; Fri, 25 Oct 2013 01:30:24 -0700 (PDT)
In-Reply-To: 
 <CAGB5yNk9E03NU=MYSrpFdS05tbE0vU8S9JrFoaj-YoxRi0QAkA@mail.gmail.com>
References: 
 <CAPVtPhpjXJAYYkzxSiMY=4yV7+HgX5jt+KPOP=o8KG1zVgxJ3w@mail.gmail.com>
 <B453A4C6E3E5443C99FB9ADA152681E6@gmail.com>
 <CAPVtPhpeEuBcAbHh2C6kNpv5VvnVkmuuM4avegvGy4cXbZVqQw@mail.gmail.com>
 <AB8217BDA765485C9AD13959D743EAA8@gmail.com>
 <CAPVtPhrZPTyQ3tAhxS9vfQ=MrShNcsn-w6Ss0mAZNv8M5SMx5g@mail.gmail.com>
 <CAGB5yNk9E03NU=MYSrpFdS05tbE0vU8S9JrFoaj-YoxRi0QAkA@mail.gmail.com>
From: Claus Ibsen <claus.ibsen@gmail.com>
Date: Fri, 25 Oct 2013 10:30:24 +0200
Message-ID: 
 <CAGB5yNnBwka_xXKMOjJ17r=TFQgd0ohTdzb5ojw21H+HVOrq5Q@mail.gmail.com>
Subject: Re: Performance Degradation due to Reverse DNS Lookups
To: "users@camel.apache.org" <users@camel.apache.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

Hi

I logged a ticket to not forget about this
https://issues.apache.org/jira/browse/CAMEL-6898

On Tue, Jun 25, 2013 at 11:19 AM, Claus Ibsen <claus.ibsen@gmail.com> wrote=
:
> On Tue, Jun 18, 2013 at 3:39 PM, rouble <r.ouble@gmail.com> wrote:
>> We already do something similar:
>> <SNIP>
>>                 SSLContext ctx =3D SSLContext.getInstance("SSL");
>>                 ctx.init(null, new TrustManager[] { new
>> TrustAllTrustManager() }, null);
>>                 SSLSocketFactory ssf =3D new SSLSocketFactory(ctx,
>> SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
>> </SNIP>
>>
>> This issue does not have to do with the host name verifier or with
>> camel per se, but more to do with the fact that Java core
>> implementation will try to do a reverse dns lookup when creating a
>> secure connection to an ip address. There are workarounds, but those
>> would need to be implemented in camel.
>>
>> Cheers
>> rouble
>>
>
> Yeah would be nice if we have a simple way of turning this on. Fell
> free to log a JIRA ticket.
>
>
>>
>>
>> On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang <willem.jiang@gmail.com> w=
rote:
>>> Hi,
>>>
>>> I'm not sure if setting the dummy implementation of X509HostnameVerifie=
r can resolve the issue.
>>> Can you try it to see if it work?
>>>
>>>
>>> --
>>> Willem Jiang
>>>
>>> Red Hat, Inc.
>>> FuseSource is now part of Red Hat
>>> Web: http://www.fusesource.com | http://www.redhat.com
>>> Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/=
) (English)
>>>           http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>> Twitter: willemjiang
>>> Weibo: =E5=A7=9C=E5=AE=81willem
>>>
>>>
>>>
>>>
>>>
>>> On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
>>>
>>>> In my router configuration I am specifying "https4" - is that what you
>>>> wanted to know?
>>>>
>>>> cheers
>>>> rouble
>>>>
>>>> On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang <willem.jiang@gmail.com (=
mailto:willem.jiang@gmail.com)> wrote:
>>>> > Hi,
>>>> >
>>>> > There are lots of http related components can provide the https conn=
ection, it could be helpful if you can tell us which http component you are=
 using.
>>>> >
>>>> > --
>>>> > Willem Jiang
>>>> >
>>>> > Red Hat, Inc.
>>>> > FuseSource is now part of Red Hat
>>>> > Web: http://www.fusesource.com | http://www.redhat.com
>>>> > Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.c=
om/) (English)
>>>> > http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
>>>> > Twitter: willemjiang
>>>> > Weibo: =E5=A7=9C=E5=AE=81willem
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
>>>> >
>>>> > > Camel Dudes,
>>>> > >
>>>> > > We have detected a very strange issue in that our https routes deg=
rade
>>>> > > in performance when an ip address is used (as opposed to a domain
>>>> > > name).
>>>> > >
>>>> > > Turns out that the Java core libraries do reverse DNS lookup for i=
p
>>>> > > address when SSL connections are created. Read all about it here:
>>>> > >
>>>> > > https://forums.oracle.com/forums/thread.jspa?threadID=3D1532033
>>>> > > http://stackoverflow.com/questions/3193936/how-to-disable-javas-ss=
l-reverse-dns-lookup
>>>> > >
>>>> > > This becomes an issue when the IP address is not configured in the=
 DNS
>>>> > > server and the reverse DNS fails. In this case each connection has=
 to
>>>> > > wait for a timeout of the reverse DNS request before it can procee=
d.
>>>> > > This makes domain name connections faster than ip address connecti=
ons
>>>> > > - which is backwards.
>>>> > >
>>>> > > Is this a known issue? There are a few workarounds/hacks recommend=
ed
>>>> > > on the interwebs, I was wondering if it would be possible to intro=
duce
>>>> > > them into camel
>>>> > > (http://www.velocityreviews.com/forums/showpost.php?p=3D2959030&po=
stcount=3D8).
>>>> > >
>>>> > > tia,
>>>> > > rouble
>>>> >
>>>>
>>>
>>>
>>>
>
>
>
> --
> Claus Ibsen
> -----------------
> www.camelone.org: The open source integration conference.
>
> Red Hat, Inc.
> FuseSource is now part of Red Hat
> Email: cibsen@redhat.com
> Web: http://fusesource.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen



--=20
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen