Wei-Chiu Chuang created HADOOP-12816:
----------------------------------------

             Summary: Log peer's address if the peer does not negotiate AES 
cipher codec
                 Key: HADOOP-12816
                 URL: https://issues.apache.org/jira/browse/HADOOP-12816
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: Wei-Chiu Chuang
            Assignee: Wei-Chiu Chuang


We've had difficulty probing the root cause of a performance slowdown with 
in-transit encryption using AES-NI. We finally found the root cause was that the 
Hadoop client did not configure encryption properties correctly, so it did 
not negotiate the AES cipher suite when creating an encrypted stream pair, even 
though the server (a data node) supports it. The existing debug message did not 
help. We saw the debug message "Server using cipher suite AES/CTR/NoPadding" on 
the same data node, but that refers to the communication with other data nodes.

It would be really helpful to log a debug message if a SASL server configures 
the AES cipher suite but the SASL client doesn't, or vice versa. This debug 
message should also log the client address to differentiate it from other 
stream pairs.

Moreover, the debug message "Server using cipher suite AES/CTR/NoPadding" 
should also be extended to include the client's address.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
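
A sketch of the logging requested in the issue above, added here as an illustration and not taken from Hadoop's code. The class, the `negotiate` method and the sample peer addresses are hypothetical, and `java.util.logging` stands in for the project's logger.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.List;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration: hypothetical names, not Hadoop's API.
public class CipherNegotiationLogDemo {
    static final String AES = "AES/CTR/NoPadding";
    private static final Logger LOG = Logger.getLogger("CipherNegotiationLogDemo");
    static {
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE);          // show debug-level records
        LOG.setLevel(Level.FINE);
        LOG.setUseParentHandlers(false);
        LOG.addHandler(handler);
    }

    /** Returns the first server suite the client also offers, or null if none. */
    static String negotiate(List<String> server, List<String> client, InetSocketAddress peer) {
        for (String suite : server) {
            if (client.contains(suite)) {
                LOG.log(Level.FINE, "Server using cipher suite {0} with client {1}",
                        new Object[] {suite, peer});
                return suite;
            }
        }
        boolean serverAes = server.contains(AES);
        boolean clientAes = client.contains(AES);
        if (serverAes != clientAes) {
            // One side configured AES and the other did not: name the peer.
            LOG.log(Level.FINE, "{0} configured {1} but {2} did not; peer address {3}",
                    new Object[] {serverAes ? "SASL server" : "SASL client", AES,
                                  serverAes ? "SASL client" : "SASL server", peer});
        }
        return null; // no common suite: the stream pair is created without AES
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample peers (documentation address range).
        InetSocketAddress good = new InetSocketAddress(
                InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10}), 40123);
        InetSocketAddress bad = new InetSocketAddress(
                InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 11}), 40456);
        negotiate(List.of(AES), List.of(AES), good);   // logs suite plus client address
        negotiate(List.of(AES), List.of(), bad);       // logs the mismatch and the peer
    }
}
```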
