I ran the benchmark on three versions of hadoop
- 0.20.1, which does not have any security code, and therefore kerberos and delegation token authentications are not applicable there.
- 0.20.100, which contains the latest state of security implementation
- 0.22.trunk, which does not have all the latest security patches applied at the time of benchmarking (just for the reference)
The benchmark creates a connection to the RPC server 1000 times. Each time the RPC server authenticates the client using one of the three authentication methods (no authentication, kerberos, delegation token). The result if the average latency of the connection request.
The table below shows that
- when security is turned off the the new code still adds 14% overhead.
- The overhead for kerberos authentication is predictably huge.
- The delegation token authentication was intended as a fast alternative to kerberos. It is somewhat faster, but not as nearly as the non-secure version. This should definitely be the focus of future optimizations.
- 0.22 is 1-2% slower compared to 0.20.100. It is expected to catch up with it, when all latest security contributions are ported to the trunk.