CouchDB
  1. CouchDB
  2. COUCHDB-1634

authentication slows down all requests

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2, 1.3
    • Fix Version/s: 1.3
    • Component/s: HTTP Interface
    • Labels:
      None

      Description

      I did yesterday a lot of test on the replication yesterday and found why the replication was so slow and the CPU used so much on the "server".

      The tests consisted in replicating 10000 docs from 1 "server" node on a machine in 100 then 10 databases on 1 "client" node on another machine. The replication was launched on the "client" node (source is the "server" node). The replications on the 100 dbs are launched concurrently. The point is to simulate more or less 100 devices replicating on the "server" node at the same time.s connections

      For 100 replications tasks the time was ~1h with basic auth against ~10mn without. In the mean time teh CPU on the "server" node was at 700% with all the cores taken (8) and thoughtput was ~6-8Mb/s . Same diff apply to 10 concurrent replication tasks.

      This morning I did a quick test going back on sha1 and the replication was faster x2. cpu was really less used < 100%

      I think this is quite expected since we are doing on each request the following workflow:

      • base64.decode(auth header)
      • get user doc (cached or not)
      • hash auth
      • and compare to what we have in the doc or settings

      But I think we should improve it asap. If one optimisation should be made that should be here imo. Playing with the number of itterations of the hashing helps indeed but isn't enough. Also cookie auth even if I didn't test it yet should be faster since it doens't try to iterrate or such but still.

      Maybe we should introduce a session system in couch? Since at the end it will only consist in checking a tocken against another it may be faster. Or using other solution I don't yet. Others dbs are a lot faster on that purpose. ANyway I don't have a strong opinion on what the solution should be . But this is a big bottleneck for real usages of couchdb.

        Issue Links

          Activity

          Hide
          Robert Newson added a comment -

          The replicator should negotiate a session cookie and use that, surprised it doesn't already tbh.

          Show
          Robert Newson added a comment - The replicator should negotiate a session cookie and use that, surprised it doesn't already tbh.
          Hide
          Robert Newson added a comment -

          How could this affect the (future) 1.2.1?

          Show
          Robert Newson added a comment - How could this affect the (future) 1.2.1?
          Hide
          Benoit Chesneau added a comment -

          well same algo isn't pkbdf2 in 1.2 too ?

          Show
          Benoit Chesneau added a comment - well same algo isn't pkbdf2 in 1.2 too ?
          Hide
          Jan Lehnardt added a comment -

          nope.

          Show
          Jan Lehnardt added a comment - nope.
          Hide
          Benoit Chesneau added a comment -

          ok... This issue is still true for that version though or 1.2x since the auth is the same. It is just a little more faster (still ~30mn).

          Show
          Benoit Chesneau added a comment - ok... This issue is still true for that version though or 1.2x since the auth is the same. It is just a little more faster (still ~30mn).
          Hide
          Benoit Chesneau added a comment - - edited

          The session cookie idea looks good.

          Actually I do think that any auth method (like acquiring a token) that imply only 1 request to check the auth and others to test a token or cookie would be better indeed.

          Show
          Benoit Chesneau added a comment - - edited The session cookie idea looks good. Actually I do think that any auth method (like acquiring a token) that imply only 1 request to check the auth and others to test a token or cookie would be better indeed.
          Hide
          Robert Newson added a comment -

          the cache thing sounds better to me, I'll take a stab at it tomorrow.

          Show
          Robert Newson added a comment - the cache thing sounds better to me, I'll take a stab at it tomorrow.
          Hide
          Robert Newson added a comment -

          Reduced work factor for 1.3.

          Show
          Robert Newson added a comment - Reduced work factor for 1.3.
          Hide
          ASF subversion and git services added a comment -

          Commit f726bc4dee4a4be0d5ed15f012cfbafd2a9dd7d7 in branch refs/heads/master from Robert Newson
          [ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=f726bc4 ]

          Reduce PBKDF2 work factor

          COUCHDB-1634

          Show
          ASF subversion and git services added a comment - Commit f726bc4dee4a4be0d5ed15f012cfbafd2a9dd7d7 in branch refs/heads/master from Robert Newson [ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=f726bc4 ] Reduce PBKDF2 work factor COUCHDB-1634

            People

            • Assignee:
              Unassigned
              Reporter:
              Benoit Chesneau
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development