Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
Date: Fri, 19 Aug 2016 16:40:21 +0000 (UTC)
From: "Hudson (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.12936438.1454527455000.356222.1471624821247@Atlassian.JIRA>
In-Reply-To: <JIRA.12936438.1454527455000@Atlassian.JIRA>
References: <JIRA.12936438.1454527455000@Atlassian.JIRA> <JIRA.12936438.1454527455176@arcas>
Subject: [jira] [Commented] (HADOOP-12765) HttpServer2 should switch to
 using the non-blocking SslSelectChannelConnector to prevent performance
 degradation when handling SSL connections
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Fri, 19 Aug 2016 16:40:23 -0000


    [ https://issues.apache.org/jira/browse/HADOOP-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428416#comment-15428416 ] 

Hudson commented on HADOOP-12765:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10310 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10310/])
HADOOP-12765. HttpServer2 should switch to using the non-blocking (weichiu: rev 03a9343d5798384b66fbd21e1e028acaf55b00e9)
* (edit) hadoop-common-project/hadoop-common/pom.xml
* (add) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SslSelectChannelConnectorSecure.java
* (delete) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SslSocketConnectorSecure.java
* (edit) hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/test/TestJettyHelper.java
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
* (edit) hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/MiniKMS.java
* (edit) hadoop-project/pom.xml


> HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12765
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12765
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.7.2, 2.6.3
>            Reporter: Min Shen
>            Assignee: Min Shen
>         Attachments: HADOOP-12765.001.patch, HADOOP-12765.001.patch, HADOOP-12765.002.patch, HADOOP-12765.003.patch, HADOOP-12765.004.patch, HADOOP-12765.005.patch, blocking_1.png, blocking_2.png, unblocking.png
>
>
> The current implementation uses the blocking SslSocketConnector which takes the default maxIdleTime as 200 seconds. We noticed in our cluster that when users use a custom client that accesses the WebHDFS REST APIs through https, it could block all the 250 handler threads in NN jetty server, causing severe performance degradation for accessing WebHDFS and NN web UI. Attached screenshots (blocking_1.png and blocking_2.png) illustrate that when using SslSocketConnector, the jetty handler threads are not released until the 200 seconds maxIdleTime has passed. With sufficient number of SSL connections, this issue could render NN HttpServer to become entirely irresponsive.
> We propose to use the non-blocking SslSelectChannelConnector as a fix. We have deployed the attached patch within our cluster, and have seen significant improvement. The attached screenshot (unblocking.png) further illustrates the behavior of NN jetty server after switching to using SslSelectChannelConnector.
> The patch further disables SSLv3 protocol on server side to preserve the spirit of HADOOP-11260.


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org