Bug 1787325 - TLS/SSL access of GlusterFS mounts is slower than with no TLS/SSL enabled.
Summary: TLS/SSL access of GlusterFS mounts is slower than with no TLS/SSL enabled.
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: mainline
Hardware: x86_64
OS: Linux
urgent
high
Target Milestone: ---
Assignee: Mohit Agrawal
QA Contact:
URL:
Whiteboard:
Depends On: 1612973
Blocks: 1649191
TreeView+ depends on / blocked
 
Reported: 2020-01-02 12:03 UTC by Mohit Agrawal
Modified: 2020-03-12 14:28 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1612973
Environment:
Last Closed: 2020-03-12 14:28:03 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gluster.org Gerrit 23952 0 None Open socket: Use AES128 cipher in SSL if AES is supported by CPU 2020-04-23 03:21:13 UTC

Comment 1 Mohit Agrawal 2020-01-02 12:04:36 UTC
When we enable TLS/SSL on our data path we see a 50% performance hit in throughput.

Version-Release number of selected component (if applicable):

All glusterFS versions

How reproducible:

Every time.

Steps to Reproduce:
1.  Run read / write perf test(say DD), note results
2.  Enable TLS/SSL on the volume
3.  Re run perf tests, compare throughput.

Actual results:

50% perf hit

Expected results:

Minimal performance hit.

Comment 2 Mohit Agrawal 2020-01-02 12:05:56 UTC
After configuring AES128 cipher we have found performance is improved around 20% so we are using AES128 as a default cipher option.

Comment 3 Worker Ant 2020-01-02 12:09:12 UTC
REVIEW: https://review.gluster.org/23952 (socket: Use AES128 cipher in SSL if AES is supported by CPU) posted (#2) for review on master by MOHIT AGRAWAL

Comment 4 Worker Ant 2020-03-12 14:28:03 UTC
This bug is moved to https://github.com/gluster/glusterfs/issues/1050, and will be tracked there from now on. Visit GitHub issues URL for further details


Note You need to log in before you can comment on or make changes to this bug.