hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12725) RPC encryption benchmark and optimization prototypes
Date Fri, 04 Mar 2016 04:25:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179291#comment-15179291
] 

Kai Zheng commented on HADOOP-12725:
------------------------------------

Thanks [~jerrychenhf] for the thorough thoughts on this.

bq. The current discussions by now focus on the GSSAPI used in SASL Kerberos mechanism. And
trying to optimize the GSSAPI internally.
Yes you're right. This is the first taking as the primary case in my thinking. Looks like
you have already made thorough investigation on this than me, I'd be very happy if you will
help with other cases.

bq. For Hadoop client, Kerberos method is usually used as the first step of authentication
to gain the access to the system. While different use cases follows a different pattern in
the following steps.
Again you're right, we currently focus on the initial authentication when Kerberos is enabled,
which is important to protect security credential exchanges used in following steps.

bq. The #2 option has the advantage that Hadoop RPC implementation has control on all the
optimizations and will not depend on under-layer mechanism optimization.
I guess the best option may be the 3rd one, using option #1 for the initial Kerberos authenticated
session and #2 for the following steps.

Any way, I thought it wouldn't be bad to prototype first if we have the idea, then consolidate
and refine the whole solution together. Your complete thoughts and inputs make much sense
toward the final result. Thanks!



> RPC encryption benchmark and optimization prototypes
> ----------------------------------------------------
>
>                 Key: HADOOP-12725
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12725
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kai Zheng
>            Assignee: Wei Zhou
>
> This would implement a benchmark tool to measure and compare the performance of Hadoop
IPC/RPC call when security is enabled and different SASL QOP(Quality of Protection) is enforced.
Given the data collected by this benchmark, it would then be able to know if any performance
concern when considering to enforce privacy, integration, or authenticy protection level,
and do optimization accordingly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message