envoyproxy/envoy

possible optimization: repetitive private key reads

Open

#20.045 aperta il 18 feb 2022

Vedi su GitHub
 (5 commenti) (0 reazioni) (0 assegnatari)C++ (5373 fork)batch import
area/perfarea/tlsenhancementhelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

Title: possible optimization: repetitive private key reads

Description: When investigating https://github.com/envoyproxy/envoy/issues/19774, I found another area that may be improved (possibly). Currently, for each cluster/listener, we do a full boringssl processing of the same key/cert pair (I think). This ends up being fairly expensive at scale. With a large number of clusters, startup time is decreased from 5.5s to 4.5s in my tests when using 2048 bit RSA keys vs ECDSA keys (since they are cheaper to process).

RSA: 2022-18-02_09-39-12

ECDSA: 2022-18-02_09-39-03

I know very little about boringssl or the lifecycles here, but my naive thought is that it could be read once and shared among each cluster

cc @lambdai

Guida contributor