Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 0.9.0.0
    • Component/s: security
    • Labels:
      None

      Description

      Test new Producer and new Consumer performance with and without SSL/TLS once the SSL/TLS branch is integrated.

      The ideal scenario is that SSL/TLS would not have an impact if disabled. When enabled, there will be some overhead (encryption and the inability to use `SendFile`) and it will be good to quantify it. The encryption overhead is reduced if recent JDKs are used with CPUs that support AES-specific instructions (https://en.wikipedia.org/wiki/AES_instruction_set).

        Issue Links

          Activity

          Hide
          ijuma Ismael Juma added a comment -

          A sensible way to do this is to allow SSL/TLS to be optionally enabled with our existing performance testing tools.

          Show
          ijuma Ismael Juma added a comment - A sensible way to do this is to allow SSL/TLS to be optionally enabled with our existing performance testing tools.
          Show
          benstopford Ben Stopford added a comment - Progress is recorded in this doc https://docs.google.com/a/confluent.io/document/d/1svxqiHApsGtg9_dDAN60f0X-QvyYqXPKDpwx5aNI6d4/edit?usp=sharing
          Hide
          jkreps Jay Kreps added a comment -

          It would be good to also do the same test(s) against 0.8.2 (I'm assuming these results are from trunk for both the ssl and no ssl case). There have been a TON of changes in the network layer over all so we need to sanity check that the no SSL number is actually the true baseline.

          Show
          jkreps Jay Kreps added a comment - It would be good to also do the same test(s) against 0.8.2 (I'm assuming these results are from trunk for both the ssl and no ssl case). There have been a TON of changes in the network layer over all so we need to sanity check that the no SSL number is actually the true baseline.
          Hide
          ijuma Ismael Juma added a comment -

          Yes, definitely. We discussed that offline, but I realise now that it wasn't clear in the ticket, so thanks for mentioning that.

          Show
          ijuma Ismael Juma added a comment - Yes, definitely. We discussed that offline, but I realise now that it wasn't clear in the ticket, so thanks for mentioning that.
          Hide
          benstopford Ben Stopford added a comment -

          Post SSL regression in new consumer raised here: https://issues.apache.org/jira/browse/KAFKA-2517

          Show
          benstopford Ben Stopford added a comment - Post SSL regression in new consumer raised here: https://issues.apache.org/jira/browse/KAFKA-2517
          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user benstopford opened a pull request:

          https://github.com/apache/kafka/pull/217

          KAFKA-2431: Easier Testing of SSL

          • Allow cipher suites to be specified relevant properties
          • Avoid System.exit in ProducerPerformance so this can be externally invoked
          • Add command line option so that a default properties can be specified in ConsumerPerformance (needed for ssl properties)

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/benstopford/kafka ssl-1

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/kafka/pull/217.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #217


          commit 18fb3f0914dc284c5632522065d7e5be062ed62a
          Author: Ben Stopford <benstopford@gmail.com>
          Date: 2015-09-08T00:36:51Z

          KAFKA-2431: easier testing of SSL

          • Avoid System.exit in ProducerPerformance so this can be externally invoked
          • Add command line option so that a default set of properties can be speicfied in ConsumerPerformance (needed for ssl properties)
          • Allow cipher suites to be specified vi properties

          Show
          githubbot ASF GitHub Bot added a comment - GitHub user benstopford opened a pull request: https://github.com/apache/kafka/pull/217 KAFKA-2431 : Easier Testing of SSL Allow cipher suites to be specified relevant properties Avoid System.exit in ProducerPerformance so this can be externally invoked Add command line option so that a default properties can be specified in ConsumerPerformance (needed for ssl properties) You can merge this pull request into a Git repository by running: $ git pull https://github.com/benstopford/kafka ssl-1 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/kafka/pull/217.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #217 commit 18fb3f0914dc284c5632522065d7e5be062ed62a Author: Ben Stopford <benstopford@gmail.com> Date: 2015-09-08T00:36:51Z KAFKA-2431 : easier testing of SSL Avoid System.exit in ProducerPerformance so this can be externally invoked Add command line option so that a default set of properties can be speicfied in ConsumerPerformance (needed for ssl properties) Allow cipher suites to be specified vi properties
          Hide
          benstopford Ben Stopford added a comment -
          Show
          benstopford Ben Stopford added a comment - Summary report can be found here: https://docs.google.com/document/d/1HlHkjAPK9kR_lk0DF34c3NDblCYTnN6D8GENV6YI2f8
          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user benstopford closed the pull request at:

          https://github.com/apache/kafka/pull/217

          Show
          githubbot ASF GitHub Bot added a comment - Github user benstopford closed the pull request at: https://github.com/apache/kafka/pull/217
          Hide
          ssuo Simon Suo added a comment -

          Hi all. This is Simon, a data infra intern working on LinkedIn's Kafka team. I am currently evaluating solutions to reduce performance overhead of Kafka security features.

          The summary report here discusses the possibility of a optional OpenSSL implementation that may achieve 4 to 5 times speed up. Is this being developed right now? Do you have any additional benchmark data to show the potential performance gain?

          Let me know if you have any relevant information and time for a small discussion. I can be reached at ssuo@linkedin.com

          Best regards,
          Simon Suo

          Show
          ssuo Simon Suo added a comment - Hi all. This is Simon, a data infra intern working on LinkedIn's Kafka team. I am currently evaluating solutions to reduce performance overhead of Kafka security features. The summary report here discusses the possibility of a optional OpenSSL implementation that may achieve 4 to 5 times speed up. Is this being developed right now? Do you have any additional benchmark data to show the potential performance gain? Let me know if you have any relevant information and time for a small discussion. I can be reached at ssuo@linkedin.com Best regards, Simon Suo
          Hide
          ijuma Ismael Juma added a comment -

          Hi Simon Suo, an OpenSSL-based implementation is not being developed right now. See KAFKA-2561 for the information we collected.

          Show
          ijuma Ismael Juma added a comment - Hi Simon Suo , an OpenSSL-based implementation is not being developed right now. See KAFKA-2561 for the information we collected.
          Hide
          becket_qin Jiangjie Qin added a comment -

          Ben Stopford It seems I am not able to access the Google doc anymore. We recently did some performance test of SSL at LinkedIn and saw some interesting results. We would like to compare that with the tests done previously. Do you mind letting us check on the previous result? Thanks.

          Show
          becket_qin Jiangjie Qin added a comment - Ben Stopford It seems I am not able to access the Google doc anymore. We recently did some performance test of SSL at LinkedIn and saw some interesting results. We would like to compare that with the tests done previously. Do you mind letting us check on the previous result? Thanks.

            People

            • Assignee:
              benstopford Ben Stopford
              Reporter:
              ijuma Ismael Juma
              Reviewer:
              Jun Rao
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development