[jira] [Commented] (HBASE-16414) Improve performance for RPC encryption with Apache Common Crypto

Thu, 20 Oct 2016 19:29:28 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15593720#comment-15593720
 ] 

Colin Ma commented on HBASE-16414:
----------------------------------

[~devaraj], for the different configuration in server/client, the unit test is 
added in TestSecureIPC.testDifferentConfWithCryptoAES().
For the different version of server/client, actually, it's about the 
compatibility of protobuf, I also tested it in my local. The following table is 
the description for these situations:
||    ||Server side  ||    Client side   ||       Action||
|Case1  | disable AES(without the feature) | enable AES(with the feature)   | 
Client will send the request to Server for connection header negotiation, but 
Server won't response. Client will throw the exception for timeout at last|
|Case2  | enable AES(with the feature)  | disable AES(without the feature)  | 
Client won't send the request to Server for connection header negotiation, no 
negotiation happen|

> Improve performance for RPC encryption with Apache Common Crypto
> ----------------------------------------------------------------
>
>                 Key: HBASE-16414
>                 URL: https://issues.apache.org/jira/browse/HBASE-16414
>             Project: HBase
>          Issue Type: Improvement
>          Components: IPC/RPC
>    Affects Versions: 2.0.0
>            Reporter: Colin Ma
>            Assignee: Colin Ma
>         Attachments: HBASE-16414.001.patch, HBASE-16414.002.patch, 
> HBASE-16414.003.patch, HBASE-16414.004.patch, HBASE-16414.005.patch, 
> HBASE-16414.006.patch, HBASE-16414.007.patch, HBASE-16414.008.patch, 
> HBASE-16414.009.patch, HbaseRpcEncryptionWithCrypoto.docx
>
>
> Hbase RPC encryption is enabled by setting “hbase.rpc.protection” to 
> "privacy". With the token authentication, it utilized DIGEST-MD5 mechanisms 
> for secure authentication and data protection. For DIGEST-MD5, it uses DES, 
> 3DES or RC4 to do encryption and it is very slow, especially for Scan. This 
> will become the bottleneck of the RPC throughput.
> Apache Commons Crypto is a cryptographic library optimized with AES-NI. It 
> provides Java API for both cipher level and Java stream level. Developers can 
> use it to implement high performance AES encryption/decryption with the 
> minimum code and effort. Compare with the current implementation of 
> org.apache.hadoop.hbase.io.crypto.aes.AES, Crypto supports both JCE Cipher 
> and OpenSSL Cipher which is better performance than JCE Cipher. User can 
> configure the cipher type and the default is JCE Cipher.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to