[jira] [Commented] (HADOOP-15743) Jetty and SSL tunings to stabilize KMS performance

Thu, 28 May 2020 04:44:24 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-15743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17118578#comment-17118578
 ] 

Akira Ajisaka commented on HADOOP-15743:
----------------------------------------

Thank you Daryn for the great summary. I think the tuning options are effective 
for HttpFS as well.

{quote}where did you find the config 
{{javax.net.ssl.sessionCacheTimeout}}?{quote}

I found the config in [https://bugs.openjdk.java.net/browse/JDK-8210985]

{quote}The session cache size can be set via 
SSLSessionContext.setSessionCacheSize() or via the 
javax.net.ssl.sessionCachSize{quote}



> Jetty and SSL tunings to stabilize KMS performance 
> ---------------------------------------------------
>
>                 Key: HADOOP-15743
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15743
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.8.0
>            Reporter: Daryn Sharp
>            Priority: Major
>
> The KMS has very low throughput with high client failure rates.  The 
> following config options will "stabilize" the KMS under load:
>  # Disable ECDH algos because java's SSL engine is inexplicably HORRIBLE.
>  # Reduce SSL session cache size (unlimited) and ttl (24h).  The memory cache 
> has very poor performance and causes extreme GC collection pressure. Load 
> balancing diminishes the effectiveness of the cache to 1/N-hosts anyway.
>  ** -Djavax.net.ssl.sessionCacheSize=1000
>  ** -Djavax.net.ssl.sessionCacheTimeout=6
>  # Completely disable thread LowResourceMonitor to stop jetty from 
> immediately closing incoming connections during connection bursts.  Client 
> retries cause jetty to remain in a low resource state until many clients fail 
> and cause thousands of sockets to linger in various close related states.
>  # Set min/max threads to 4x processors.   Jetty recommends only 50 to 500 
> threads.  Java's SSL engine has excessive synchronization that limits 
> performance anyway.
>  # Set https idle timeout to 6s.
>  # Significantly increase max fds to at least 128k.  Recommend using a VIP 
> load balancer with a lower limit.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to