Re: Performance Degradation due to Reverse DNS Lookups
Hi
I logged a ticket to not forget about this
https://issues.apache.org/jira/browse/CAMEL-6898
On Tue, Jun 25, 2013 at 11:19 AM, Claus Ibsen claus.ib...@gmail.com wrote:
On Tue, Jun 18, 2013 at 3:39 PM, rouble r.ou...@gmail.com wrote:
We already do something similar:
SNIP
SSLContext ctx = SSLContext.getInstance(SSL);
ctx.init(null, new TrustManager[] { new
TrustAllTrustManager() }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
/SNIP
This issue does not have to do with the host name verifier or with
camel per se, but more to do with the fact that Java core
implementation will try to do a reverse dns lookup when creating a
secure connection to an ip address. There are workarounds, but those
would need to be implemented in camel.
Cheers
rouble
Yeah would be nice if we have a simple way of turning this on. Fell
free to log a JIRA ticket.
On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote:
Hi,
I'm not sure if setting the dummy implementation of X509HostnameVerifier
can resolve the issue.
Can you try it to see if it work?
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
In my router configuration I am specifying https4 - is that what you
wanted to know?
cheers
rouble
On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com
(mailto:willem.ji...@gmail.com) wrote:
Hi,
There are lots of http related components can provide the https
connection, it could be helpful if you can tell us which http component
you are using.
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
Camel Dudes,
We have detected a very strange issue in that our https routes degrade
in performance when an ip address is used (as opposed to a domain
name).
Turns out that the Java core libraries do reverse DNS lookup for ip
address when SSL connections are created. Read all about it here:
https://forums.oracle.com/forums/thread.jspa?threadID=1532033
http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup
This becomes an issue when the IP address is not configured in the DNS
server and the reverse DNS fails. In this case each connection has to
wait for a timeout of the reverse DNS request before it can proceed.
This makes domain name connections faster than ip address connections
- which is backwards.
Is this a known issue? There are a few workarounds/hacks recommended
on the interwebs, I was wondering if it would be possible to introduce
them into camel
(http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8).
tia,
rouble
--
Claus Ibsen
-
www.camelone.org: The open source integration conference.
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cib...@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
--
Claus Ibsen
-
Red Hat, Inc.
Email: cib...@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
Re: Performance Degradation due to Reverse DNS Lookups
On Tue, Jun 18, 2013 at 3:39 PM, rouble r.ou...@gmail.com wrote:
We already do something similar:
SNIP
SSLContext ctx = SSLContext.getInstance(SSL);
ctx.init(null, new TrustManager[] { new
TrustAllTrustManager() }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
/SNIP
This issue does not have to do with the host name verifier or with
camel per se, but more to do with the fact that Java core
implementation will try to do a reverse dns lookup when creating a
secure connection to an ip address. There are workarounds, but those
would need to be implemented in camel.
Cheers
rouble
Yeah would be nice if we have a simple way of turning this on. Fell
free to log a JIRA ticket.
On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote:
Hi,
I'm not sure if setting the dummy implementation of X509HostnameVerifier can
resolve the issue.
Can you try it to see if it work?
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
In my router configuration I am specifying https4 - is that what you
wanted to know?
cheers
rouble
On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com
(mailto:willem.ji...@gmail.com) wrote:
Hi,
There are lots of http related components can provide the https
connection, it could be helpful if you can tell us which http component
you are using.
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
Camel Dudes,
We have detected a very strange issue in that our https routes degrade
in performance when an ip address is used (as opposed to a domain
name).
Turns out that the Java core libraries do reverse DNS lookup for ip
address when SSL connections are created. Read all about it here:
https://forums.oracle.com/forums/thread.jspa?threadID=1532033
http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup
This becomes an issue when the IP address is not configured in the DNS
server and the reverse DNS fails. In this case each connection has to
wait for a timeout of the reverse DNS request before it can proceed.
This makes domain name connections faster than ip address connections
- which is backwards.
Is this a known issue? There are a few workarounds/hacks recommended
on the interwebs, I was wondering if it would be possible to introduce
them into camel
(http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8).
tia,
rouble
--
Claus Ibsen
-
www.camelone.org: The open source integration conference.
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cib...@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
Re: Performance Degradation due to Reverse DNS Lookups
We already do something similar:
SNIP
SSLContext ctx = SSLContext.getInstance(SSL);
ctx.init(null, new TrustManager[] { new
TrustAllTrustManager() }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
/SNIP
This issue does not have to do with the host name verifier or with
camel per se, but more to do with the fact that Java core
implementation will try to do a reverse dns lookup when creating a
secure connection to an ip address. There are workarounds, but those
would need to be implemented in camel.
Cheers
rouble
On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote:
Hi,
I'm not sure if setting the dummy implementation of X509HostnameVerifier can
resolve the issue.
Can you try it to see if it work?
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote:
In my router configuration I am specifying https4 - is that what you
wanted to know?
cheers
rouble
On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com
(mailto:willem.ji...@gmail.com) wrote:
Hi,
There are lots of http related components can provide the https
connection, it could be helpful if you can tell us which http component
you are using.
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/)
(English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote:
Camel Dudes,
We have detected a very strange issue in that our https routes degrade
in performance when an ip address is used (as opposed to a domain
name).
Turns out that the Java core libraries do reverse DNS lookup for ip
address when SSL connections are created. Read all about it here:
https://forums.oracle.com/forums/thread.jspa?threadID=1532033
http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup
This becomes an issue when the IP address is not configured in the DNS
server and the reverse DNS fails. In this case each connection has to
wait for a timeout of the reverse DNS request before it can proceed.
This makes domain name connections faster than ip address connections
- which is backwards.
Is this a known issue? There are a few workarounds/hacks recommended
on the interwebs, I was wondering if it would be possible to introduce
them into camel
(http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8).
tia,
rouble
Performance Degradation due to Reverse DNS Lookups
Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
Re: Performance Degradation due to Reverse DNS Lookups
In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
Re: Performance Degradation due to Reverse DNS Lookups
Hi, I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve the issue. Can you try it to see if it work? -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote: In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com (mailto:willem.ji...@gmail.com) wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
