Glad to see there is support for this! I think ACCP would be a good choice since there seems to be a lot of experience deploying it. I’ve opened https://issues.apache.org/jira/browse/CASSANDRA-18624. I should have some time to work on the patch soon and I will try to provide some graphs that show the performance benefit from a recent benchmark.
Jordan On Thu, Jun 22, 2023 at 19:28 Fleming, Jackson <jackson.flem...@netapp.com> wrote: > We run ACCP in production on 1000s of nodes across Cassandra 3.11 and 4 > with great results. > > > > Would love to see it baked into Cassandra. > > > > Jackson > > > > *From: *David Capwell <dcapw...@apple.com> > *Date: *Friday, 23 June 2023 at 9:22 am > *To: *dev <dev@cassandra.apache.org> > *Subject: *Re: [DISCUSS] Using ACCP or tc-native by default > > *NetApp Security WARNING*: This is an external email. Do not click links > or open attachments unless you recognize the sender and know the content is > safe. > > > > +1 to ACCP > > > > On Jun 22, 2023, at 3:05 PM, C. Scott Andreas <sc...@paradoxica.net> > wrote: > > > > +1 for ACCP and can attest to its results. ACCP also optimizes for a range > of hash functions and other cryptographic primitives beyond TLS > acceleration for Netty. > > > > On Jun 22, 2023, at 2:07 PM, Jeff Jirsa <jji...@gmail.com> wrote: > > > > > > Either would be better than today. > > > > On Thu, Jun 22, 2023 at 1:57 PM Jordan West <jw...@apache.org> wrote: > > Hi, > > > > I’m wondering if there is appetite to change the default SSL provider for > Cassandra going forward to either ACCP [1] or tc-native in Netty? Our > deployment as well as others I’m aware of make this change in their fork > and it can lead to significant performance improvement. When recently > qualifying 4.1 without using ACCP (by accident) we noticed p99 latencies > were 2x higher than 3.0 w/ ACCP. Wiring up ACCP can be a bit of a pain and > also requires some amount of customization. I think it could be great for > the wider community to adopt it. > > > > The biggest hurdle I foresee is licensing but ACCP is Apache 2.0 licensed. > Anything else I am missing before opening a JIRA and submitting a patch? > > > > Jordan > > > > > > [1] > > https://github.com/corretto/amazon-corretto-crypto-provider > > > > >
