auth: dramatically improve checkPassword performance #11735
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wswcfan
changed the title
mitake
suggested changes
Mar 31, 2020
wswcfan
force-pushed
the
optimize-auth-lock-performance
branch
from
b7853d9
to
3f419f9
Compare
|
Thanks for your suggestion! I refactored a version that uses closures, so we can still use the defer statement, it may look better than the previous implementation, what do you think? @mitake |
to improve authentication performance in concurrent scenarios when enable auth and using authentication based password
wswcfan
force-pushed
the
optimize-auth-lock-performance
branch
from
3f419f9
to
9cf3162
Compare
tangcong
added a commit
to tangcong/etcd
that referenced
this pull request
Apr 5, 2020
tangcong
added a commit
to tangcong/etcd
that referenced
this pull request
Apr 5, 2020
tangcong
added a commit
to tangcong/etcd
that referenced
this pull request
Apr 5, 2020
tangcong
added a commit
to tangcong/etcd
that referenced
this pull request
Apr 5, 2020
tangcong
added a commit
to tangcong/etcd
that referenced
this pull request
Apr 6, 2020
gyuho
added a commit
that referenced
this pull request
May 20, 2020
…5-origin-release-3.4 Automated cherry pick of #11735 on release-3.4
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Optimize lock scope for CheckPassword, to improve authentication performance in concurrent scenarios
when enable auth and using authentication based password.
etcd version: 3.4.3When enable auth and using authentication based password, we found that etcd's read and write performance dropped sharply, and even a large number of timeouts occurred. After our investigation, we found that time is spent on Authenticate.
Furtherly, we found that the CompareHashAndPassword function will take tens of milliseconds. This function will block the lock of CheckPassword, which can cause certain requests to block for tens of seconds when there is thousounds of concurrent connection.
(We have add some debug log in etcd. As shown below, the time unit is millisecond)
Moving CompareHashAndPassword out of the critical section of the lock can greatly improve performance. After we do this, we no longer find timeout requests.
And we developed a tool based on etcd benchmark CLI to test the performance of the Authenticate interface. The performance data is as follows:
We consider a single node etcd cluster with the following hardware configuration:
Before optimization:
benchmark_auth auth --total 3000 --clients 100 --conns 100benchmark_auth auth --total 3000 --clients 200 --conns 200With 200 concurrency, a large number of requests time out.
After optimization:
benchmark_auth auth --total 3000 --clients 100 --conns 100benchmark_auth auth --total 3000 --clients 200 --conns 200We can see that the performance is improved more than 10 times after optimization. And with the increase of concurrencys, the performance improvement is more and more obvious