hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Min Shen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-12765) HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections
Date Wed, 03 Feb 2016 19:24:39 GMT
Min Shen created HADOOP-12765:
---------------------------------

             Summary: HttpServer2 should switch to using the non-blocking SslSelectChannelConnector
to prevent performance degradation when handling SSL connections
                 Key: HADOOP-12765
                 URL: https://issues.apache.org/jira/browse/HADOOP-12765
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Min Shen
            Assignee: Min Shen


The current implementation uses the blocking SslSocketConnector which takes the default maxIdleTime
as 200 seconds. We noticed in our cluster that when users use a custom client that accesses
the WebHDFS REST APIs through https, it could block all the 250 handler threads in NN jetty
server, causing severe performance degradation for accessing WebHDFS and NN web UI. Attached
screenshots (blocking_1.png and blocking_2.png) illustrate that when using SslSocketConnector,
the jetty handler threads are not released until the 200 seconds maxIdleTime has passed. With
sufficient number of SSL connections, this issue could render NN HttpServer to become entirely
irresponsive.

We propose to use the non-blocking SslSelectChannelConnector as a fix. We have deployed the
attached patch within our cluster, and have seen significant improvement. The attached screenshot
(unblocking.png) further illustrates the behavior of NN jetty server after switching to using
SslSelectChannelConnector.

The patch further disables SSLv3 protocol on server side to preserve the spirit of HADOOP-11260.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message