1787325 – TLS/SSL access of GlusterFS mounts is slower than with no TLS/SSL enabled.

Bug 1787325 - TLS/SSL access of GlusterFS mounts is slower than with no TLS/SSL enabled.

Summary: TLS/SSL access of GlusterFS mounts is slower than with no TLS/SSL enabled.

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	GlusterFS
Classification:	Community
Component:	core
Sub Component:
Version:	mainline
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	---
Assignee:	Mohit Agrawal
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1612973
Blocks:	1649191
TreeView+	depends on / blocked

Reported:	2020-01-02 12:03 UTC by Mohit Agrawal
Modified:	2020-03-12 14:28 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Clone Of:	1612973
Environment:
Last Closed:	2020-03-12 14:28:03 UTC
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Gluster.org Gerrit	23952	0	None	Open	socket: Use AES128 cipher in SSL if AES is supported by CPU	2020-04-23 03:21:13 UTC

Comment 1 Mohit Agrawal 2020-01-02 12:04:36 UTC

When we enable TLS/SSL on our data path we see a 50% performance hit in throughput.

Version-Release number of selected component (if applicable):

All glusterFS versions

How reproducible:

Every time.

Steps to Reproduce:
1.  Run read / write perf test(say DD), note results
2.  Enable TLS/SSL on the volume
3.  Re run perf tests, compare throughput.

Actual results:

50% perf hit

Expected results:

Minimal performance hit.

Comment 2 Mohit Agrawal 2020-01-02 12:05:56 UTC

After configuring AES128 cipher we have found performance is improved around 20% so we are using AES128 as a default cipher option.

Comment 3 Worker Ant 2020-01-02 12:09:12 UTC

REVIEW: https://review.gluster.org/23952 (socket: Use AES128 cipher in SSL if AES is supported by CPU) posted (#2) for review on master by MOHIT AGRAWAL

Comment 4 Worker Ant 2020-03-12 14:28:03 UTC

This bug is moved to https://github.com/gluster/glusterfs/issues/1050, and will be tracked there from now on. Visit GitHub issues URL for further details

Note You need to log in before you can comment on or make changes to this bug.