[ https://issues.apache.org/jira/browse/HADOOP-15813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16773551#comment-16773551 ]
Wei-Chiu Chuang commented on HADOOP-15813: ------------------------------------------ +1 The patch dramatically improves KMS throughput from 2900 decrypt_eek/s to 8100 decrypt_eek/s in my test. Benchmark setup: {noformat} 4-node cluster, each node 4 core Intel Xeon 2.5Ghz, 25GB memory CentOS 7.4, CDH 6.2 + CM 6.2, Cloudera Navigator Key Trustee Oracle Java 8u181 One KMS server. Heap: 5GB, max thread: 32 {noformat} Ran the KMS benchmark tool (HADOOP-15967) on 3 other nodes to fully saturate the KMS server: {noformat} HADOOP_CLIENT_OPTS="-Xms10g -Xmx10g" hadoop jar /tmp/hadoop-kms-3.0.0-cdh6.1.0-tests.jar org.apache.hadoop.crypto.key.kms.server.KMSBenchmark -op decrypt -threads 100 -numops 2000000 {noformat} Additionally, used heap size = 2GB (prior to the patch, heap size would grow until the max heap size), open file descriptor 600 (prior to the patch, open file descriptor would grow to 7000) > Enable more reliable SSL connection reuse > ----------------------------------------- > > Key: HADOOP-15813 > URL: https://issues.apache.org/jira/browse/HADOOP-15813 > Project: Hadoop Common > Issue Type: Bug > Components: common > Affects Versions: 2.6.0 > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Priority: Major > Attachments: HADOOP-15813.patch, HADOOP-15813.patch > > > The java keep-alive cache relies on instance equivalence of the SSL socket > factory. In many java versions, SSLContext#getSocketFactory always returns a > new instance which completely breaks the cache. Clients flooding a service > with lingering per-request connections that can lead to port exhaustion. The > hadoop SSLFactory should cache the socket factory associated with the context. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org