openbmc.lists.ozlabs.org archive mirror
* Performance issue with redfish TLS handshake
@ 2021-10-05  8:42 sharad yadav
  2021-10-05 18:47 ` John Broadbent
  0 siblings, 1 reply; 4+ messages in thread
From: sharad yadav @ 2021-10-05  8:42 UTC (permalink / raw)
  To: openbmc

Hi All,

We have tried to benchmark redfish API performance on AST2600.
On a redfish GET request there is a penalty of ~100ms added for the TLS handshake at
https://github.com/openbmc/bmcweb/blob/master/http/http_connection.hpp#L297

On trying all of the methods below, each request calls `async_handshake`, which
adds a 100ms delay before the actual redfish handler code gets called.
*Method 1:*
curl --insecure -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
export token=<Read X-Auth-Token from the headers.txt>
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system

*Method 2:*
export token=`curl -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d '{"username" : "root", "password" : "0penBmc"}' | grep token | awk '{print $2;}' | tr -d '"'`
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system

*Method 3:*
curl https://${bmc}/redfish/v1/Systems/system --insecure -u root:0penBmc -L

We want to avoid this ~100ms delay for better performance.
Please suggest if there is a way to skip the `async_handshake` call by
modifying the requests method?

Thanks,
Sharad


* Re: Performance issue with redfish TLS handshake
  2021-10-05  8:42 Performance issue with redfish TLS handshake sharad yadav
@ 2021-10-05 18:47 ` John Broadbent
  2021-10-05 18:53   ` Ed Tanous
  0 siblings, 1 reply; 4+ messages in thread
From: John Broadbent @ 2021-10-05 18:47 UTC (permalink / raw)
  To: sharad yadav, OpenBMC Maillist, Anuraag Bharadwaj

On Tue, Oct 5, 2021 at 1:42 AM sharad yadav <sharad.openbmc@gmail.com>
wrote:

> Hi All,
>
> We have tried to measure redfish APIs performance benchmarking on AST2600.
> On redfish GET request there is a penalty added for ~100ms on TLS
> handshake at
> https://github.com/openbmc/bmcweb/blob/master/http/http_connection.hpp#L297
>
> On trying below all methods, each request calls `async_handshake` which
> adds 100ms delay
> before the actual redfish handler code gets called.
> *Method 1:*
> curl --insecure -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
> export token=<Read X-Auth-Token from the headers.txt>
> curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system
>
> *Method 2:*
> export token=`curl -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d '{"username" : "root", "password" : "0penBmc"}' | grep token | awk '{print $2;}' | tr -d '"'`
> curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system
>
> *Method 3:*
> curl https://${bmc}/redfish/v1/Systems/system --insecure -u root:0penBmc -L
>
> We want to avoid this ~100ms delay for better performance.
> Please suggest if there is a way to skip the `async_handshake` call by
> modifying the requests method?
>
> Thanks,
> Sharad
>



There is logic in the crow::connection object that should allow you to use
tcp keep-alive and avoid the handshake in start.
https://github.com/openbmc/bmcweb/blob/master/http/http_connection.hpp#L694

I have looked at the connection class in bmcweb before, and found it
difficult to understand.
However, this is a simplified version of the states within the connection
class:

start->doReadHeaders->doRead->handle->completeRequest->doWrite[if keep alive]->doReadHeaders

The async_handshake is in the start, so if you are able to use the same
connection, you should only pay for the handshake once.
Ed Tanous and Gunnar Mills are the definitive experts.

Let us know what you find.
Thank you


* Re: Performance issue with redfish TLS handshake
  2021-10-05 18:47 ` John Broadbent
@ 2021-10-05 18:53   ` Ed Tanous
  2021-10-11 14:49     ` sharad yadav
  0 siblings, 1 reply; 4+ messages in thread
From: Ed Tanous @ 2021-10-05 18:53 UTC (permalink / raw)
  To: John Broadbent; +Cc: sharad yadav, OpenBMC Maillist, Anuraag Bharadwaj

On Tue, Oct 5, 2021 at 11:48 AM John Broadbent <jebr@google.com> wrote:
>
>
>
> On Tue, Oct 5, 2021 at 1:42 AM sharad yadav <sharad.openbmc@gmail.com> wrote:
>>
>> Hi All,
>>
>> We have tried to measure redfish APIs performance benchmarking on AST2600.
>> On redfish GET request there is a penalty added for ~100ms on TLS handshake at

This is a little higher than I would've expected, but not outside the
realm of reasonable.  Can you triage what cipher suite you're
negotiating between the client and server?  Are you using a DH+EC key
cipher?  That should be faster than RSA.

>> https://github.com/openbmc/bmcweb/blob/master/http/http_connection.hpp#L297
>>
>> On trying below all methods, each request calls `async_handshake` which adds 100ms delay
>> before the actual redfish handler code gets called.
>> Method 1:
>> curl --insecure -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d    '{"UserName":"root", "Password":"0penBmc"}'
>> export token=<Read X-Auth-Token from the headers.txt>
>> curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system
>>
>> Method 2:
>> export token=`curl -k -H "Content-Type: application/json" -X POST https://${bmc}/login -d '{"username" : "root", "password" : "0penBmc"}' | grep token | awk '{print $2;}' | tr -d '"'`
>> curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system
>>
>> Method 3:
>> curl https://${bmc}/redfish/v1/Systems/system --insecure -u root:0penBmc -L
>>
>> We want to avoid this ~100ms delay for better performance.
>> Please suggest if there is a way to skip the `async_handshake` call by modifying the requests method?
>>
>> Thanks,
>> Sharad
>
>
>
>
> There is logic in the crow::connection object that should allow you to use tcp keep-alive and avoid the handshake in start.
> https://github.com/openbmc/bmcweb/blob/master/http/http_connection.hpp#L694
>
> I have looked at the connection class in bmcweb before, and found it difficult to understand.
> However, this is a simplified version of the states within the connection class:
>
> start->doReadHeaders->doRead->handle->completeRequest->doWrite[if keep alive]->doReadHeaders
>
> The async_handshake is in the start, so if you are able to use the same connection, you should only pay for the handshake once.
> Ed Tanous and Gunnar Mills are the definitive experts.

Yep, John got this exactly right.  Make sure whatever client you're
using is taking advantage of keepalive, and you will only take this
TLS performance hit for the first request.

>
>
> Let us know what you find.
> Thank you


* Re: Performance issue with redfish TLS handshake
  2021-10-05 18:53   ` Ed Tanous
@ 2021-10-11 14:49     ` sharad yadav
  0 siblings, 0 replies; 4+ messages in thread
From: sharad yadav @ 2021-10-11 14:49 UTC (permalink / raw)
  To: Ed Tanous; +Cc: John Broadbent, Anuraag Bharadwaj, OpenBMC Maillist

Thanks for the help. It worked out with the client setting keepalive=true,
though curl is pre-enabled with keepalive=true. The curl command below worked
to avoid the TLS handshake in subsequent calls:
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system https://${bmc}/redfish/v1/Systems/system

Thanks,
Sharad
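
An added example, not part of the thread: one way to confirm that requests share a single TLS connection, as discussed above, is to have curl report per-transfer connection counts and handshake times. It assumes `$bmc` and `$token` are set as in the earlier messages; the helper function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that curl reused one TLS
# connection to bmcweb instead of handshaking again for every request.
# Real curl --write-out variables used:
#   %{num_connects}    new connections opened for the transfer (0 = reused)
#   %{time_appconnect} seconds until the TLS handshake completed (0 = none)
#   %{time_total}      seconds for the whole transfer

# Send $1 GETs in ONE curl invocation so keep-alive can apply.
# Assumes $bmc and $token are set as in the thread. -k mirrors the thread's
# commands; it disables certificate verification, so keep it to lab use.
measure_redfish() {
    n=$1
    set --
    while [ "$n" -gt 0 ]; do
        set -- "$@" -o /dev/null "https://${bmc}/redfish/v1/Systems/system"
        n=$((n - 1))
    done
    curl -k -s -H "X-Auth-Token: $token" \
        -w '%{num_connects} %{time_appconnect} %{time_total}\n' "$@"
}

# Read "num_connects time_appconnect time_total" lines on stdin and report
# how many requests paid for a handshake and what it cost in total.
summarize_handshakes() {
    awk 'NF == 3 {
             total++
             if ($1 > 0) { fresh++; hs += $2 }
         }
         END {
             printf "requests=%d handshakes=%d reused=%d handshake_ms=%d\n",
                    total, fresh, total - fresh, hs * 1000 + 0.5
         }'
}

# Constructed sample output (not measured): three GETs on one connection.
sample_keepalive() {
    printf '%s\n' '1 0.104211 0.131870' '0 0.000000 0.027402' \
                  '0 0.000000 0.026915'
}

# Constructed sample output (not measured): three separate curl runs.
sample_separate() {
    printf '%s\n' '1 0.104211 0.131870' '1 0.101873 0.129004' \
                  '1 0.103390 0.130112'
}

sample_keepalive | summarize_handshakes
sample_separate | summarize_handshakes
```

Against a real BMC, `measure_redfish 3 | summarize_handshakes` should report `handshakes=1` when keep-alive is working; a count equal to the number of requests means every request opened a new connection.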

