From common-issues-return-162264-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Sat Dec 15 07:21:04 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 07ADE180652 for ; Sat, 15 Dec 2018 07:21:03 +0100 (CET) Received: (qmail 89324 invoked by uid 500); 15 Dec 2018 06:21:02 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 89313 invoked by uid 99); 15 Dec 2018 06:21:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Dec 2018 06:21:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 0D236C1691 for ; Sat, 15 Dec 2018 06:21:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -110.301 X-Spam-Level: X-Spam-Status: No, score=-110.301 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id bMRL48l-PW7N for ; Sat, 15 Dec 2018 06:21:00 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id BB69B5FB27 for ; Sat, 15 Dec 2018 06:21:00 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 55B49E00CB for ; Sat, 15 Dec 2018 06:21:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 0EFCA23FB0 for ; Sat, 15 Dec 2018 06:21:00 +0000 (UTC) Date: Sat, 15 Dec 2018 06:21:00 +0000 (UTC) From: "Todd Lipcon (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (HADOOP-16011) OsSecureRandom very slow compared to other SecureRandom implementations MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Todd Lipcon created HADOOP-16011: ------------------------------------ Summary: OsSecureRandom very slow compared to other SecureRandom implementations Key: HADOOP-16011 URL: https://issues.apache.org/jira/browse/HADOOP-16011 Project: Hadoop Common Issue Type: Bug Components: security Reporter: Todd Lipcon In looking at performance of a workload which creates a lot of short-lived remote connections to a secured DN, [~philip] and I found very high system CPU usage. We tracked it down to reads from /dev/random, which are incurred by the DN using CryptoCodec.generateSecureRandom to generate a transient session key and IV for AES encryption. In the case that the OpenSSL codec is not enabled, the above code falls through to the JDK SecureRandom implementation, which performs reasonably. However, OpenSSLCodec defaults to using OsSecureRandom, which reads all random data from /dev/random rather than doing something more efficient like initializing a CSPRNG from a small seed. I wrote a simple JMH benchmark to compare various approaches when running with concurrency 10: testHadoop - using CryptoCodec testNewSecureRandom - using 'new SecureRandom()' each iteration testSha1PrngNew - using the SHA1PRNG explicitly, new instance each iteration testSha1PrngShared - using a single shared instance of SHA1PRNG testSha1PrngThread - using a thread-specific instance of SHA1PRNG {code:java} Benchmark Mode Cnt Score Error Units MyBenchmark.testHadoop thrpt 1293.000 ops/s [with libhadoop.so] MyBenchmark.testHadoop thrpt 461515.697 ops/s [without libhadoop.so] MyBenchmark.testNewSecureRandom thrpt 43413.640 ops/s MyBenchmark.testSha1PrngNew thrpt 395515.000 ops/s MyBenchmark.testSha1PrngShared thrpt 164488.713 ops/s MyBenchmark.testSha1PrngThread thrpt 4295123.210 ops/s {code} In other words, the presence of the OpenSSL acceleration slows down this code path by 356x. And, compared to the optimal (thread-local Sha1Prng) it's 3321x slower. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org