Thanks for the information John. I think it worth noting that, as far as I know, Traffic Router does not support EC keys so if you plan to use grove with EC, it will have to be without Traffic Router. Support for elliptic curve certificates in Traffic Router has been captured in this github issue: https://github.com/apache/trafficcontrol/issues/2774.
Thanks, Dave On Tue, Sep 4, 2018 at 10:47 AM John Rushford <[email protected]> wrote: > Greetings, > > I've been running performance tests with the grove caching server using > several different > profiles. One profile was strictly with http transactions and other > profiles were > with a mix of https using RSA public/private keys and EC (elliptic curve) > public/private > keys. When using https with EC certificates, grove performed very well. > However when > RSA public/private keys are employed, there is a significant impact to > performance. > > I have found that grove performs poorly when RSA keys are employed and > grove is compiled > using go 1.9.4. At 3k requests per second, the cpu's go to 100% > utilization and 50% or > more of the transactions time out. With the release of go version 1.11, > this performance > issue with RSA crypto has been addressed with a patch to the > 'math/big.addMulVVW()' function > used in the RSA crypto routines. After re-compiling grove with go version > 1.11, performance > improved quite significantly when using RSA certs. I've attached some of > the performance data collected to the issue #2780 > <https://github.com/apache/trafficcontrol/issues/2780> > > If you are using grove, I suggest that you use EC keys public/private TLS > keys. If you use > RSA keys though, you should make sure that you compile grove with go > version 1.11 or higher. > I've submitted this issue, #2780 > <https://github.com/apache/trafficcontrol/issues/2780>, and a PR, #2781 > <https://github.com/apache/trafficcontrol/pull/2781>, that modifies the > grove build scripts to check for and use go version 1.11. The docker build > scripts have been modified to install and use go version 1.11 to build > grove. > > thanks > John Rushford > [email protected] > > -- > John Rushford > [email protected] >
