hadoop-hdfs-dev mailing list archives

From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-6606) Optimize encryption support in DataTransfer Protocol with High performance
Date Mon, 30 Jun 2014 03:13:24 GMT
Yi Liu created HDFS-6606:
----------------------------

             Summary: Optimize encryption support in DataTransfer Protocol with High performance
                 Key: HDFS-6606
                 URL: https://issues.apache.org/jira/browse/HDFS-6606
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: datanode, hdfs-client, security
    Affects Versions: 3.0.0
            Reporter: Yi Liu
            Assignee: Yi Liu
             Fix For: 3.0.0


In HDFS-3637, [~atm] added support for encrypting the DataTransferProtocol; it was great work.
It utilizes the SASL {{Digest-MD5}} mechanism, which supports three security strengths:
* high: 3des or rc4 (126bits)
* medium: des or rc4 (56bits)
* low: rc4 (40bits)

3des and rc4 are slow, only *tens of MB/s*, 
http://www.javamex.com/tutorials/cryptography/ciphers.shtml
http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/

I will give more detailed performance data in the future. It is absolutely a bottleneck and will
vastly affect the end-to-end performance.

AES (Advanced Encryption Standard) is recommended as a replacement for DES; it's more secure.
With AES-NI support, the throughput can reach nearly *2GB/s*, so it won't be the bottleneck
any more. AES and CryptoCodec work is supported in HADOOP-10150, HADOOP-10603 and HADOOP-10693
(we may need to add a new mode support for AES).

This JIRA will use AES with AES-NI support as the encryption algorithm for DataTransferProtocol.




--
This message was sent by Atlassian JIRA
(v6.2#6252)
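
Added example, not part of the original message or of the Hadoop code base: a small JCE micro-benchmark for checking the throughput gap the message describes on your own hardware. The class name, buffer size, round count and the JCE transformation strings standing in for the named ciphers are assumptions of this example, and the 16-byte RC4 key is a constructed value.

```java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TransferCipherBench {
    static final int BUF = 64 * 1024;   // bytes per update() call (constructed size)
    static final int ROUNDS = 2048;     // 128 MB encrypted per timed run

    // Encrypts ROUNDS buffers with one cipher instance and returns MB/s.
    static double mbPerSec(String transformation, String keyAlg,
                           int keyBytes, int ivBytes) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[keyBytes];
        rnd.nextBytes(key);
        Cipher c = Cipher.getInstance(transformation);
        if (ivBytes > 0) {
            byte[] iv = new byte[ivBytes];
            rnd.nextBytes(iv);
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, keyAlg),
                   new IvParameterSpec(iv));
        } else {                         // stream cipher: no IV
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, keyAlg));
        }
        byte[] in = new byte[BUF];
        byte[] out = new byte[BUF];      // NoPadding: output length equals input length
        rnd.nextBytes(in);
        long start = System.nanoTime();
        for (int i = 0; i < ROUNDS; i++) {
            c.update(in, 0, BUF, out, 0);
        }
        double secs = (System.nanoTime() - start) / 1e9;
        return (double) BUF * ROUNDS / (1024.0 * 1024.0) / secs;
    }

    public static void main(String[] args) throws Exception {
        // {transformation, key algorithm, key bytes, IV bytes}
        String[][] ciphers = {
            {"DESede/CBC/NoPadding", "DESede", "24", "8"},
            {"DES/CBC/NoPadding",    "DES",    "8",  "8"},
            {"RC4",                  "RC4",    "16", "0"},
            {"AES/CTR/NoPadding",    "AES",    "16", "16"},
        };
        for (String[] s : ciphers) {
            int k = Integer.parseInt(s[2]), iv = Integer.parseInt(s[3]);
            mbPerSec(s[0], s[1], k, iv);  // warm-up pass so the JIT compiles the hot loop
            System.out.printf("%-22s %8.1f MB/s%n", s[0], mbPerSec(s[0], s[1], k, iv));
        }
    }
}
```

The figures depend on the CPU and JVM; AES only approaches hardware speed when the JVM's AES intrinsics are available and enabled.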
