Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT auth: cache verifiers #5575

Merged
merged 3 commits into from
Aug 21, 2023
Merged

JWT auth: cache verifiers #5575

merged 3 commits into from
Aug 21, 2023

Conversation

jumaffre
Copy link
Contributor

Resolves #5557

To avoid rebuilding a new crypto::Verifier for each incoming JWT request (which is particularly expensive with OpenSSL 3.x - see #5557), we now cache a relatively small number of verifiers in the JWT auth layer. This results in a performance increase for all JWT-related tests, which will be even greater with OpenSSL 3.x.

@jumaffre jumaffre requested a review from a team August 21, 2023 15:57
@jumaffre jumaffre added auto-backport Automatically backport this PR to LTS branch 4.x-todo PRs which should be backported to 4.x labels Aug 21, 2023
@achamayou
Copy link
Member

It would be good to have the cache size be configurable through governance, in the same way as the other JWT settings, some users may want to cache more than 10 verifiers etc.

@ghost
Copy link

ghost commented Aug 21, 2023

cache_jwt_verifier@74782 aka 20230821.19 vs main ewma over 20 builds from 74378 to 74756

Click to see table

main

build_id build_number pi_basic_mt_virtual_cft^ Commit latency factor ls_virtual_cft^ pi_ls_virtual_cft^ pi_basic_virtual_cft^ ls_sgx_cft^ ls_sgx_cft_mem pi_ls_sgx_cft^ pi_ls_sgx_cft_mem pi_basic_js_virtual_cft^ pi_basic_sgx_cft^ pi_basic_sgx_cft_mem ls_jwt_virtual_cft^ pi_ls_jwt_virtual_cft^ pi_basic_mt_sgx_cft^ pi_basic_mt_sgx_cft_mem ls_js_virtual_cft^ pi_basic_js_sgx_cft^ pi_basic_js_sgx_cft_mem ls_full_js_virtual_cft^ ls_jwt_sgx_cft^ ls_jwt_sgx_cft_mem pi_ls_jwt_sgx_cft^ pi_ls_jwt_sgx_cft_mem ls_js_jwt_virtual_cft^ ls_js_sgx_cft^ ls_js_sgx_cft_mem hist_sgx_cft^ ls_full_js_sgx_cft^ ls_full_js_sgx_cft_mem ls_js_jwt_sgx_cft^ ls_js_jwt_sgx_cft_mem RB put (/s)^ CHAMP put (/s)^ RB get (/s)^ CHAMP get (/s)^
74378 20230811.7 88492.2 0.802305 45677.6 48432.2 54684.7 19903.3 1.88908e+07 20171.7 1.25993e+07 4539.7 22216.7 1.67936e+07 12416.2 13091.7 38650.5 2.72794e+07 4453.32 1719.9 1.25993e+07 3563.15 6370.76 1.67936e+07 6518.5 6.30784e+06 3344.07 1745.05 1.05021e+07 42180.8 1438.55 1.05021e+07 1430.81 1.05021e+07 834643 1.18197e+06 8.15296e+06 3.11369e+07
74393 20230811.11 72880.2 0.802048 45663.8 47632.7 53582.1 20033.6 1.88908e+07 20189.8 1.25993e+07 4489.6 22213.1 1.67936e+07 12392.7 13312.2 38890.9 2.51822e+07 4458.86 1724.7 1.25993e+07 3496.9 6358.91 1.67936e+07 6522.4 6.30784e+06 3288.31 1745.64 1.05021e+07 47361.6 1439.43 1.05021e+07 1423.98 1.05021e+07 829334 1.1786e+06 8.15455e+06 3.08582e+07
74405 20230811.13 84875.2 0.799883 45739.8 44854.1 53826.6 19943.4 1.67936e+07 20158.2 1.05021e+07 4505.2 22107.1 1.67936e+07 12458.7 12889.8 38804.4 2.72794e+07 4433.17 1727.4 1.25993e+07 3576.83 6692.16 1.67936e+07 6591.3 6.30784e+06 3264.12 1746.31 1.05021e+07 43371.9 1427.77 1.05021e+07 1425.5 1.05021e+07 835000 1.17701e+06 8.15566e+06 3.09029e+07
74425 20230814.4 81005.3 0.788539 43766.9 47791.6 53044.4 20058.5 1.88908e+07 20066.3 1.25993e+07 4476.8 22245.3 1.67936e+07 12324.6 12860.2 38492.4 2.72794e+07 4480.33 1728.7 1.05021e+07 3439.84 6397.71 1.67936e+07 6613.1 6.30784e+06 3305.9 1742.48 1.05021e+07 45672.3 1439.23 1.05021e+07 1431.17 1.05021e+07 838021 1.1778e+06 8.15507e+06 3.0784e+07
74432 20230814.7 75646 0.817276 45886.5 47469.4 53530.9 19999.3 1.88908e+07 20133.7 1.25993e+07 4520.6 22073.4 1.67936e+07 12327.4 12921.6 38424 2.72794e+07 4425.4 1717.3 1.25993e+07 3477.25 6341.62 1.67936e+07 6462 6.30784e+06 3266.76 1744.92 1.05021e+07 48165.2 1422.1 1.05021e+07 1425.52 1.05021e+07 825462 1.1799e+06 8.13835e+06 3.08137e+07
74454 20230815.3 69841.3 0.801873 43713.4 48179.3 53480.5 19840.7 1.88908e+07 20095.1 1.25993e+07 4445.3 22097.1 1.67936e+07 12483.5 12750.5 38576.9 2.72794e+07 4457.26 1725.2 1.25993e+07 3500.77 6340.93 1.67936e+07 6641.6 6.30784e+06 3263.54 1744.28 1.05021e+07 45794.6 1439.26 1.05021e+07 1426.85 1.05021e+07 829402 1.18158e+06 8.15537e+06 3.11412e+07
74461 20230815.7 67371.9 0.818769 46047.3 46914.7 53628.8 19972 1.88908e+07 20170.6 1.05021e+07 4533.4 22108.7 1.67936e+07 12304.9 12896.9 39100.5 2.72794e+07 4441.12 1714.7 1.25993e+07 3574.64 6341.63 1.67936e+07 6474.1 6.30784e+06 3250.43 1738.21 1.05021e+07 45998.4 1437.82 1.05021e+07 1432.91 1.05021e+07 828701 1.18254e+06 8.15137e+06 3.22662e+07
74474 20230815.11 83323.4 0.794527 44006.6 48130.1 53133.7 20045.8 1.88908e+07 20128.8 1.25993e+07 4482.8 22175.6 1.67936e+07 12321.3 13339.6 38642 2.72794e+07 4444.74 1735.7 1.25993e+07 3467.96 6383.4 1.67936e+07 6568.6 6.30784e+06 3266.21 1742.1 1.05021e+07 46193.8 1434.21 1.05021e+07 1422.91 1.05021e+07 835648 1.17698e+06 8.1401e+06 3.08666e+07
74510 20230816.1 70797.5 0.79391 45664.3 48310.3 53485.5 19985.7 1.88908e+07 20090.3 1.25993e+07 4469.4 22138 1.67936e+07 12494.1 13111.7 37360.1 2.72794e+07 4466.5 1735.4 1.25993e+07 3466.26 6719.14 1.67936e+07 6508 6.30784e+06 3270.1 1746.42 1.05021e+07 42854.4 1440.41 1.05021e+07 1433.43 1.05021e+07 839230 1.17803e+06 8.15309e+06 3.08174e+07
74553 20230816.14 83052.6 0.80085 45971.2 48460.4 54174.5 20103.4 1.88908e+07 20279.8 1.25993e+07 4517.1 22556.1 1.67936e+07 12271.3 12986.3 38976.8 2.72794e+07 4431.14 1724.4 1.25993e+07 3571.73 6672.96 1.67936e+07 6484.6 6.30784e+06 3377.06 1745.01 1.05021e+07 48418.1 1436.22 1.05021e+07 1429.13 1.05021e+07 822826 1.18085e+06 8.17235e+06 3.06568e+07
74583 20230816.21 78106.8 0.793694 45640.7 48315.5 53242.5 20066.9 1.88908e+07 20261.6 1.25993e+07 4534.9 22514.4 1.67936e+07 12304.8 13098.3 38778.8 2.72794e+07 4454.98 1731.6 1.25993e+07 3477.94 6403.27 1.67936e+07 6531.2 6.30784e+06 3266.07 1742.57 1.05021e+07 44499 1434.72 1.05021e+07 1428.25 1.05021e+07 828489 1.17797e+06 8.15426e+06 3.09478e+07
74600 20230817.1 77267.9 0.783219 45662.1 48214.4 54245.6 20052.3 1.88908e+07 20283.5 1.25993e+07 4547 22580.6 1.67936e+07 12340.4 12920.2 38876.7 2.72794e+07 4434.02 1724.6 1.25993e+07 3464.06 6363.23 1.67936e+07 6605.3 6.30784e+06 3356.34 1745.31 1.05021e+07 44612.6 1436.91 1.05021e+07 1433.67 1.05021e+07 828627 1.18077e+06 8.14194e+06 2.96756e+07
74613 20230817.6 89897.4 0.804638 43498.7 47884.5 52987.8 20086.4 1.88908e+07 20320.4 1.25993e+07 4526.1 22695.3 1.67936e+07 12431.7 13008.1 39514.1 2.72794e+07 4483.36 1734.4 1.05021e+07 3511.6 6357.59 1.67936e+07 6523.1 6.30784e+06 3275.81 1742.34 1.05021e+07 43634.7 1433.89 1.05021e+07 1432.2 1.05021e+07 837791 1.17873e+06 8.1704e+06 3.07212e+07
74628 20230817.10 84593.9 0.804241 43703.7 47852.8 54250.1 19948.9 1.88908e+07 20320.3 1.25993e+07 4533.3 22656.4 1.67936e+07 12319.6 13195.9 39524.6 2.72794e+07 4433.68 1717.1 1.25993e+07 3403.1 6323.05 1.67936e+07 6538.3 6.30784e+06 3347.29 1743.34 1.05021e+07 46070.2 1440.57 1.05021e+07 1413.38 1.05021e+07 838189 1.176e+06 8.1567e+06 3.06614e+07
74674 20230817.23 68973.5 0.793168 45649.4 48487 55041.7 20028.2 1.88908e+07 20264.3 1.25993e+07 4548.5 22663.8 1.46964e+07 12257.5 13105 39396.9 2.72794e+07 4481.9 1710 1.25993e+07 3497.61 6453.63 1.67936e+07 6430.3 6.30784e+06 3285.09 1738.07 1.05021e+07 49469.7 1421.81 1.05021e+07 1419.34 1.05021e+07 830896 1.18034e+06 8.15335e+06 3.08002e+07
74680 20230818.1 82628.2 0.796933 45447 47821.3 53858.8 20056.2 1.88908e+07 20230.6 1.25993e+07 4548.6 22652.6 1.67936e+07 12244 13165.3 38842.3 2.72794e+07 4446.82 1731.5 1.05021e+07 3505.04 6685.01 1.67936e+07 6564.6 6.30784e+06 3306.89 1744 1.05021e+07 50421.1 1441.14 1.05021e+07 1435.45 1.05021e+07 831488 1.17972e+06 8.17102e+06 3.07628e+07
74696 20230818.8 72111.4 0.765015 45722.7 48148.2 54660.7 20021.1 1.88908e+07 20301.4 1.25993e+07 4521.3 22666.8 1.67936e+07 12314.9 12457.6 39264.2 2.72794e+07 4425.84 1744.6 1.25993e+07 3574.1 6720.95 1.67936e+07 6562.8 6.30784e+06 3257.92 1740.93 1.05021e+07 46232.2 1438.6 1.05021e+07 1428.66 1.05021e+07 833383 1.17352e+06 8.13706e+06 3.0809e+07
74706 20230818.11 70767.6 0.805945 45574.4 48079.9 54579.4 20046.9 1.88908e+07 20274.1 1.25993e+07 4534 22840.3 1.67936e+07 12399.2 13313.8 39153 2.72794e+07 4472.95 1734.1 1.05021e+07 3477.82 6731.35 1.67936e+07 6571.8 6.30784e+06 3267.1 1743.99 1.05021e+07 47733.9 1439.83 1.05021e+07 1430.2 1.05021e+07 838238 1.18771e+06 8.15572e+06 3.08657e+07
74734 20230821.1 68692 0.787502 45701.3 48422.2 54737.8 20054.3 1.88908e+07 20256.1 1.25993e+07 4477.4 22704.7 1.67936e+07 12333.3 13240.3 39660.9 2.72794e+07 4472.1 1737.7 1.25993e+07 3604.55 6731.35 1.67936e+07 6572.3 6.30784e+06 3262.93 1744.69 1.05021e+07 48482.3 1436.1 1.05021e+07 1424.91 1.05021e+07 834854 1.18346e+06 8.15205e+06 3.13524e+07
74756 20230821.10 81309.7 0.819553 45407.1 47721.1 53345.4 19853.5 1.88908e+07 20193.5 1.25993e+07 4551.3 22400.1 1.67936e+07 12233.6 11493.5 38925.4 2.72794e+07 4468.83 1726.3 1.25993e+07 3503.03 6676.53 1.67936e+07 6520.8 6.30784e+06 3299.04 1748.72 1.05021e+07 42500.1 1429.05 1.05021e+07 1433.71 1.05021e+07 833174 1.1817e+06 8.15222e+06 3.12067e+07

cache_jwt_verifier

build_id build_number pi_basic_mt_sgx_cft^ pi_basic_mt_sgx_cft_mem pi_basic_mt_virtual_cft^ Commit latency factor ls_virtual_cft^ pi_ls_virtual_cft^ pi_basic_virtual_cft^ pi_basic_js_virtual_cft^ ls_sgx_cft^ ls_sgx_cft_mem pi_ls_sgx_cft^ pi_ls_sgx_cft_mem ls_jwt_virtual_cft^ pi_basic_sgx_cft^ pi_basic_sgx_cft_mem pi_ls_jwt_virtual_cft^ ls_js_virtual_cft^ ls_full_js_virtual_cft^ pi_basic_js_sgx_cft^ pi_basic_js_sgx_cft_mem ls_jwt_sgx_cft^ ls_jwt_sgx_cft_mem ls_js_jwt_virtual_cft^ pi_ls_jwt_sgx_cft^ pi_ls_jwt_sgx_cft_mem ls_js_sgx_cft^ ls_js_sgx_cft_mem hist_sgx_cft^ ls_full_js_sgx_cft^ ls_full_js_sgx_cft_mem ls_js_jwt_sgx_cft^ ls_js_jwt_sgx_cft_mem RB put (/s)^ CHAMP put (/s)^ RB get (/s)^ CHAMP get (/s)^
74782 20230821.19 38945.2 2.72794e+07 78876.4 0.768419 45690.5 47901 54381 4519.6 19869.4 1.88908e+07 20221.1 1.25993e+07 17131.8 22205.6 1.67936e+07 19031.7 4449.21 3492.25 1726.3 1.25993e+07 9907.07 1.88908e+07 3809.79 10040.4 6.30784e+06 1743.03 1.05021e+07 48013.1 1422.49 1.05021e+07 1576.41 1.05021e+07 828623 1.17458e+06 8.04052e+06 3.10967e+07

images

@achamayou achamayou merged commit 054356b into microsoft:main Aug 21, 2023
@ghost ghost mentioned this pull request Aug 21, 2023
Merged
ghost pushed a commit that referenced this pull request Aug 21, 2023
@jumaffre
JWT auth: cache verifiers (#5575)
5e01aa5 
(cherry picked from commit 054356b)
@ghost ghost added the backported This PR was successfully backported to LTS branch label Aug 21, 2023
jumaffre pushed a commit that referenced this pull request Aug 22, 2023
[release/4.x] Cherry pick: JWT auth: cache verifiers (#5575) (#5576)
59088dd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achamayou achamayou achamayou approved these changes

Assignees
No one assigned
Labels
4.x-todo PRs which should be backported to 4.x auto-backport Automatically backport this PR to LTS branch backported This PR was successfully backported to LTS branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cache JWT verifiers
2 participants
@jumaffre @achamayou