Yi Liu created HDFS-6606:
----------------------------
Summary: Optimize encryption support in DataTransfer Protocol with
High performance
Key: HDFS-6606
URL: https://issues.apache.org/jira/browse/HDFS-6606
Project: Hadoop HDFS
Issue Type: Improvement
Components: datanode, hdfs-client, security
Affects Versions: 3.0.0
Reporter: Yi Liu
Assignee: Yi Liu
Fix For: 3.0.0
In HDFS-3637, [~atm] added support for encrypting the DataTransferProtocol, it
was a great work.
It utilizes SASL {{Digest-MD5}} mechanism, it supports three security strength:
* high 3des or rc4 (126bits)
* medium des or rc4(56bits)
* low rc4(40bits)
3des and rc4 are slow, only *tens of MB/s*,
http://www.javamex.com/tutorials/cryptography/ciphers.shtml
http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/
I will give more detailed performance data in future. Absolutely it’s
bottleneck and will vastly affect the end to end performance.
AES(Advanced Encryption Standard) is recommended as a replacement of DES, it’s
more secure; with AES-NI support, the throughput can reach nearly *2GB/s*, it
won’t be the bottleneck any more, AES and CryptoCodec work is supported in
HADOOP-10150, HADOOP-10603 and HADOOP-10693 (We may need to add a new mode
support for AES).
This JIRA will use AES with AES-NI support as encryption algorithm for
DataTransferProtocol.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
