hadoop-common-issues mailing list archives

From "kartheek muthyala (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13836) Securing Hadoop RPC using SSL
Date Wed, 15 Feb 2017 08:48:42 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15867474#comment-15867474 ]

kartheek muthyala commented on HADOOP-13836:

Sorry for the delayed response. [~daryn], given that most of your concerns are related to
the blocking implementation of readAndProcess, let me break this task into 2 items:
1. Validate whether we can implement the same functionality without having a separate readAndProcess
method for the SSL implementation. This will most probably push the buffered reader implementation
to the SSLServerSocketChannel layer.
2. Address the performance concerns of the implementation.

For achieving task 1, I will make changes in the existing patch to check if we can achieve
it without making major changes to readAndProcess. Task 2 might require more iterations to
identify the bugs, deadlocks, blocking readers, etc. Given that at this point we have a clear
separation of the SSL implementation from the default, we should be safe to commit it and work on
the issues as they get identified. Please suggest.

"kartheek muthyala, please use a profiler to check for a hot spot or highly contended sync
point" - Sure, when I do the next level of testing, I will attach a profiler and see if there
are any hot spots.

> Securing Hadoop RPC using SSL
> -----------------------------
>                 Key: HADOOP-13836
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13836
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc
>            Reporter: kartheek muthyala
>            Assignee: kartheek muthyala
>         Attachments: HADOOP-13836.patch, HADOOP-13836-v2.patch, HADOOP-13836-v3.patch,
>                      HADOOP-13836-v4.patch, Secure IPC OSS Proposal-1.pdf, SecureIPC Performance Analysis-OSS.pdf
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication & Security
> Layer (SASL), with the Kerberos ticket based authentication or Digest-md5 checksum based authentication
> protocols. This proposal is about enhancing this cipher suite with SSL/TLS based encryption
> and authentication. SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard,
> that provides data security and integrity across two different end points in a network. This
> protocol has made its way to a number of applications such as web browsing, email, internet
> faxing, messaging, VOIP etc. And supporting this cipher suite at the core of Hadoop would
> give a good synergy with the applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes of communication
> 1. Plain
> 2. SASL encryption with an underlying authentication
> 3. SSL based encryption and authentication (x509 certificate)
