On Fri, Apr 19, 2024 at 3:12 PM Jon Haddad <j...@jonhaddad.com> wrote:
> I haven't looked at streaming over TLS, so I might be way off base here, > but our own docs ( > https://cassandra.apache.org/doc/latest/cassandra/architecture/streaming.html) > say ZCS is not available when using encryption, and if we have to bring the > data into the JVM then I'm not sure how it would even work. sendfile is a > direct file descriptor to file descriptor copy. How are we simultaneously > doing kernel-only operations while also performing encryption in the JVM? > Yes, the 'zero copy' aspect of streaming is not available when we stream over TLS as we're required to bring in those bytes into the JVM to encrypt. However, we still get the benefit of copying entire files and skipping the non-trivial ser/deser & GC overhead associated with streaming individual partitions. Cassandra will handle this transparently[1] depending on whether you enable TLS or not. Dinesh [1] https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/net/AsyncStreamingOutputPlus.java#L159
