hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10768) Optimize Hadoop RPC encryption performance
Date Wed, 21 Jun 2017 13:47:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16057543#comment-16057543
] 

Daryn Sharp commented on HADOOP-10768:
--------------------------------------

I specifically ensured the rpcv9 protocol (very early 2.x releases) is designed to support
a rpc proxy to reduce connections for instance to the NN.  Ex. Every rpc packet is framed
so a proxy can mux/demux the packets to clients even if encryption is used.  I know the sasl
wrap/unwrap path is expensive but haven't had the cycles to improve it.

Adding encryption to the entire stream will negate the proxy capability which is something
I think will soon be needed with very large clusters.  *-1* if that's what this patch does.
 I'll review shortly.

> Optimize Hadoop RPC encryption performance
> ------------------------------------------
>
>                 Key: HADOOP-10768
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10768
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: performance, security
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Yi Liu
>            Assignee: Dian Fu
>         Attachments: HADOOP-10768.001.patch, HADOOP-10768.002.patch, Optimize Hadoop
RPC encryption performance.pdf
>
>
> Hadoop RPC encryption is enabled by setting {{hadoop.rpc.protection}} to "privacy". It
utilized SASL {{GSSAPI}} and {{DIGEST-MD5}} mechanisms for secure authentication and data
protection. Even {{GSSAPI}} supports using AES, but without AES-NI support by default, so
the encryption is slow and will become bottleneck.
> After discuss with [~atm], [~tucu00] and [~umamaheswararao], we can do the same optimization
as in HDFS-6606. Use AES-NI with more than *20x* speedup.
> On the other hand, RPC message is small, but RPC is frequent and there may be lots of
RPC calls in one connection, we needs to setup benchmark to see real improvement and then
make a trade-off. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message