Re: Performance Degradation due to Reverse DNS Lookups
Hi I logged a ticket to not forget about this https://issues.apache.org/jira/browse/CAMEL-6898 On Tue, Jun 25, 2013 at 11:19 AM, Claus Ibsen claus.ib...@gmail.com wrote: On Tue, Jun 18, 2013 at 3:39 PM, rouble r.ou...@gmail.com wrote: We already do something similar: SNIP SSLContext ctx = SSLContext.getInstance(SSL); ctx.init(null, new TrustManager[] { new TrustAllTrustManager() }, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); /SNIP This issue does not have to do with the host name verifier or with camel per se, but more to do with the fact that Java core implementation will try to do a reverse dns lookup when creating a secure connection to an ip address. There are workarounds, but those would need to be implemented in camel. Cheers rouble Yeah would be nice if we have a simple way of turning this on. Fell free to log a JIRA ticket. On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote: Hi, I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve the issue. Can you try it to see if it work? -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote: In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com (mailto:willem.ji...@gmail.com) wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble -- Claus Ibsen - www.camelone.org: The open source integration conference. Red Hat, Inc. FuseSource is now part of Red Hat Email: cib...@redhat.com Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen -- Claus Ibsen - Red Hat, Inc. Email: cib...@redhat.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
Re: Performance Degradation due to Reverse DNS Lookups
On Tue, Jun 18, 2013 at 3:39 PM, rouble r.ou...@gmail.com wrote: We already do something similar: SNIP SSLContext ctx = SSLContext.getInstance(SSL); ctx.init(null, new TrustManager[] { new TrustAllTrustManager() }, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); /SNIP This issue does not have to do with the host name verifier or with camel per se, but more to do with the fact that Java core implementation will try to do a reverse dns lookup when creating a secure connection to an ip address. There are workarounds, but those would need to be implemented in camel. Cheers rouble Yeah would be nice if we have a simple way of turning this on. Fell free to log a JIRA ticket. On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote: Hi, I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve the issue. Can you try it to see if it work? -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote: In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com (mailto:willem.ji...@gmail.com) wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble -- Claus Ibsen - www.camelone.org: The open source integration conference. Red Hat, Inc. FuseSource is now part of Red Hat Email: cib...@redhat.com Web: http://fusesource.com Twitter: davsclaus Blog: http://davsclaus.com Author of Camel in Action: http://www.manning.com/ibsen
Re: Performance Degradation due to Reverse DNS Lookups
We already do something similar: SNIP SSLContext ctx = SSLContext.getInstance(SSL); ctx.init(null, new TrustManager[] { new TrustAllTrustManager() }, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); /SNIP This issue does not have to do with the host name verifier or with camel per se, but more to do with the fact that Java core implementation will try to do a reverse dns lookup when creating a secure connection to an ip address. There are workarounds, but those would need to be implemented in camel. Cheers rouble On Mon, Jun 3, 2013 at 10:47 PM, Willem jiang willem.ji...@gmail.com wrote: Hi, I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve the issue. Can you try it to see if it work? -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote: In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com (mailto:willem.ji...@gmail.com) wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
Performance Degradation due to Reverse DNS Lookups
Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
Re: Performance Degradation due to Reverse DNS Lookups
In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble
Re: Performance Degradation due to Reverse DNS Lookups
Hi, I'm not sure if setting the dummy implementation of X509HostnameVerifier can resolve the issue. Can you try it to see if it work? -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 10:23 AM, rouble wrote: In my router configuration I am specifying https4 - is that what you wanted to know? cheers rouble On Mon, Jun 3, 2013 at 9:59 PM, Willem jiang willem.ji...@gmail.com (mailto:willem.ji...@gmail.com) wrote: Hi, There are lots of http related components can provide the https connection, it could be helpful if you can tell us which http component you are using. -- Willem Jiang Red Hat, Inc. FuseSource is now part of Red Hat Web: http://www.fusesource.com | http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Tuesday, June 4, 2013 at 5:20 AM, rouble wrote: Camel Dudes, We have detected a very strange issue in that our https routes degrade in performance when an ip address is used (as opposed to a domain name). Turns out that the Java core libraries do reverse DNS lookup for ip address when SSL connections are created. Read all about it here: https://forums.oracle.com/forums/thread.jspa?threadID=1532033 http://stackoverflow.com/questions/3193936/how-to-disable-javas-ssl-reverse-dns-lookup This becomes an issue when the IP address is not configured in the DNS server and the reverse DNS fails. In this case each connection has to wait for a timeout of the reverse DNS request before it can proceed. This makes domain name connections faster than ip address connections - which is backwards. Is this a known issue? There are a few workarounds/hacks recommended on the interwebs, I was wondering if it would be possible to introduce them into camel (http://www.velocityreviews.com/forums/showpost.php?p=2959030postcount=8). tia, rouble