Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12765

HttpServer2 should switch to using the non-blocking SslSelectChannelConnector to prevent performance degradation when handling SSL connections


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.2, 2.6.3
    • Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha1
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Hadoop Flags:


      The current implementation uses the blocking SslSocketConnector which takes the default maxIdleTime as 200 seconds. We noticed in our cluster that when users use a custom client that accesses the WebHDFS REST APIs through https, it could block all the 250 handler threads in NN jetty server, causing severe performance degradation for accessing WebHDFS and NN web UI. Attached screenshots (blocking_1.png and blocking_2.png) illustrate that when using SslSocketConnector, the jetty handler threads are not released until the 200 seconds maxIdleTime has passed. With sufficient number of SSL connections, this issue could render NN HttpServer to become entirely irresponsive.

      We propose to use the non-blocking SslSelectChannelConnector as a fix. We have deployed the attached patch within our cluster, and have seen significant improvement. The attached screenshot (unblocking.png) further illustrates the behavior of NN jetty server after switching to using SslSelectChannelConnector.

      The patch further disables SSLv3 protocol on server side to preserve the spirit of HADOOP-11260.


        1. HADOOP-12765.001.patch
          14 kB
          Min Shen
        2. blocking_1.png
          1.03 MB
          Min Shen
        3. blocking_2.png
          1.01 MB
          Min Shen
        4. unblocking.png
          841 kB
          Min Shen
        5. HADOOP-12765.001.patch
          14 kB
          Vinayakumar B
        6. HADOOP-12765.002.patch
          15 kB
          Min Shen
        7. HADOOP-12765.003.patch
          16 kB
          Min Shen
        8. HADOOP-12765.004.patch
          15 kB
          Min Shen
        9. HADOOP-12765.005.patch
          14 kB
          Wei-Chiu Chuang
        10. HADOOP-12765-branch-2.patch
          14 kB
          Wei-Chiu Chuang

          Issue Links



              • Assignee:
                mshen Min Shen
                mshen Min Shen
              • Votes:
                0 Vote for this issue
                14 Start watching this issue


                • Created: