All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sage Weil <sweil@redhat.com>
To: "Blinick, Stephen L" <stephen.l.blinick@intel.com>
Cc: "andreas.bluemle@itxperts.de" <andreas.bluemle@itxperts.de>,
	"ceph-devel@vger.kernel.org" <ceph-devel@vger.kernel.org>
Subject: RE: wip-auth
Date: Mon, 26 Jan 2015 09:23:32 -0800 (PST)	[thread overview]
Message-ID: <alpine.DEB.2.00.1501260921250.3895@cobra.newdream.net> (raw)
In-Reply-To: <3649A15A2562B54294DE14BCE5AC79120AB43257@ORSMSX152.amr.corp.intel.com>

On Mon, 26 Jan 2015, Blinick, Stephen L wrote:
> I noticed that the spec file for building RPM's defaults to building with libnss, instead of libcrypto++.  Since the measurements I'd done so far were from those RPM's I rebuilt with libcrypto++.. so FWIW here is the difference between those two on my system, memstore backend with a single OSD, and single client.    
> 
> Dual socket Xeon E5 2620v3, 64GB Memory,  RHEL7 
> Kernel: 3.10.0-123.13.2.el7
> 
> 100% 4K Writes, 1xOSD w/ Rados Bench
> 	libnss		            |    Cryptopp		
> # QD	IOPS	Latency(ms)   |	IOPS	Latency(ms)	IOPS Improvement %
> 16	14432.57	1.11    |	18896.60	0.85	30.93%
> 	                                     
> 100% 4K Reads, 1xOSD w/ Rados Bench				
> 	libnss | Cryptopp # QD IOPS Latency(ms)  | IOPS Latency(ms) IOPS 
> Improvement % 16 19532.53 0.82 | 25708.70 0.62 31.62%

Yikes, 30%!  I think this definitely worth some effort.  We switched to 
libnss because it has the weird government certfiications that everyone 
wants and is more prevalent.  crypto++ is also not packaged for Red 
Hat distros at all (presumably for that reason).

I suspect that most of the overhead is in the encryption context setup and 
can be avoided with a bit of effort..

sage


> 
> 
> Thanks,
> 
> Stephen
> 
> -----Original Message-----
> From: ceph-devel-owner@vger.kernel.org [mailto:ceph-devel-owner@vger.kernel.org] On Behalf Of Sage Weil
> Sent: Thursday, January 22, 2015 4:56 PM
> To: andreas.bluemle@itxperts.de
> Cc: ceph-devel@vger.kernel.org
> Subject: wip-auth
> 
> Hi Andreas,
> 
> I took a look at the wip-auth I mentioned in the security call last week... and the patch didn't work at all.  Sorry if you wasted any time trying it.
> 
> Anyway, I fixed it up so that it actually worked and made one other optimization.  It would be great to hear what latencies you measure with the changes in place.
> 
> Also, it might be worth trying --with-cryptopp (or --with-nss if you built cryptopp by default) to see if there is a difference.  There is a ton of boilerplate setting up encryption contexts and key structures and so on that I suspect could be cached (perhaps stashed in the CryptoKey struct?) with a bit of effort.  See
> 
> 	https://github.com/ceph/ceph/blob/master/src/auth/Crypto.cc#L99-L213
> 
> sage
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

  reply	other threads:[~2015-01-26 17:23 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-22 23:55 wip-auth Sage Weil
2015-01-26  6:20 ` wip-auth Blinick, Stephen L
2015-01-26 17:23   ` Sage Weil [this message]
2015-01-26 18:00     ` wip-auth Blinick, Stephen L
2015-01-26 18:16       ` wip-auth Mark Nelson
2015-01-28  1:10         ` wip-auth Blinick, Stephen L
2015-01-27 17:18       ` wip-auth Sage Weil
2015-01-30  7:10         ` wip-auth Andreas Bluemle
2015-01-30 21:08           ` wip-auth Sage Weil
2015-02-04 23:24             ` wip-auth Mark Nelson
     [not found]               ` <1597425172.7886580.1423208685818.JavaMail.zimbra@oxygem.tv>
2015-02-06  7:45                 ` wip-auth Alexandre DERUMIER
2015-02-09 18:24                   ` wip-auth Mark Nelson
     [not found]                     ` <987318816.223626.1423542893540.JavaMail.zimbra@oxygem.tv>
2015-02-10  4:36                       ` wip-auth Alexandre DERUMIER
2015-03-10 20:54               ` wip-auth Blinick, Stephen L
2015-03-10 20:55                 ` wip-auth Sage Weil

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.00.1501260921250.3895@cobra.newdream.net \
    --to=sweil@redhat.com \
    --cc=andreas.bluemle@itxperts.de \
    --cc=ceph-devel@vger.kernel.org \
    --cc=stephen.l.blinick@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.