-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
benchmark: add secure-pair benchmark #20344
Conversation
@nodejs/benchmarking @nodejs/crypto |
I don't think it should've improved. I'm not surprised at all that it's unchanged... (I tried to make a comment stating as much in the thread.) |
@apapirovski You are right, but I thought that it might at least affect the results for |
@alexfernandez It's hard to know from the runs above. These benchmarks can vary 20% between a run so one needs to run them a good number of times to get any significant data. But either way, if this benchmark uses I'm working on some other related stuff that should be more reliable in terms of getting a performance gain but it'll take a while to get it finished. |
benchmark/tls/secure-pair.js
Outdated
server = net.createServer(onRedirectConnection); | ||
server.listen(REDIRECT_PORT, () => { | ||
proxy = net.createServer(onProxyConnection); | ||
proxy.listen(common.PORT, function() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit... would be good to be consistent with using either () => {}
or function() {}
rather than mixing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed in commit 6ba84cf. As a bonus, removed all var
inherited from benchmark/tls/throughput.js
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this! LGTM
@alexfernandez The commit is not associated with your GitHub account, you might want to fix this before this gets merged. |
@tniessen That should be fixed now? |
const common = require('../common.js'); | ||
const bench = common.createBenchmark(main, { | ||
dur: [5], | ||
securing: ['SecurePair', 'TLSSocket'], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add 'securing=SecurePair'
to ./test/sequential/test-benchmark-tls.js
in the array with the other options there. Otherwise the test will run twice the duration it has to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there anything I can do to move this PR along? Thanks! |
@alexfernandez ... not really, we need to do a CI run and get it landed. Let's ask @BridgeAR to give one final sign off for his request. It should get landed in the few days. |
benchmark/tls/secure-pair.js
Outdated
conn.pipe(serverPair.encrypted); | ||
serverPair.encrypted.pipe(conn); | ||
serverPair.on('error', (error) => { | ||
throw new Error('Pair error: ' + error); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could use a template literal instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in commit c17c783.
benchmark/tls/secure-pair.js
Outdated
function secureTLSSocket(conn, client) { | ||
const serverSocket = new tls.TLSSocket(conn, options); | ||
serverSocket.on('error', (e) => { | ||
throw new Error('Socket error: ' + e); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in commit c17c783.
benchmark/tls/secure-pair.js
Outdated
} | ||
|
||
function securePair(conn, client) { | ||
const serverCtxt = tls.createSecureContext(options); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Micro nit: We usually abbreviate context as ctx
within our codebase so I'd prefer serverCtx
for consistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in commit 53cd71f.
@jasnell Three sign-offs, waiting for the CI run. Thanks! |
Apparently the CI run, although I have no clue as to why 😞 Can you please help? |
Failures look unrelated, let's try again: https://ci.nodejs.org/job/node-test-pull-request/14818/ |
CI before landing: https://ci.nodejs.org/job/node-test-pull-request/14866/ |
Landed in c346cb6. Thank you @alexfernandez and congrats on becoming a Contributor! 🎉 |
Thanks @apapirovski and everyone else involved for all the good work! Now for the performance regression on #20263 😄 |
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAdds a benchmark to compare
tls.createSecurePair()
withnew tls.TLSSocket()
. The first option is deprecated, while the second is the recommended way forward for securing existing server sockets. A proxy server is placed between the client and the server to evidence any performance issues with socket events.Results v8.11.1
tls.createSecurePair()
with Node.js v8.11.1 is quite faster thannew tls.TLSSocket()
:Deprecation warnings have been removed from the output. Test machine is a dual-core Lenovo X1 Carbon with Ubuntu 17.10.
There is a performance regression using
new tls.TLSSocket()
for small packet sizes:The results point to an inefficiency in small packets, and experimentally it appears that while
SecurePair
buffers data,TLSSocket
doesn't: the number of bytes per iteration is quite similar to the number of bytes per packet sent.Results Using
master
Also, a performance regression has been reported in #20263 for v10.0.0, in which removes the old legacy code for
tls.createSecurePair()
using insteadnew tls.TLSSocket()
underneath. So using the latest inmaster
(node v11.0.0-pre):In
master
there is no performance gap betweenSecurePair
andTLSSocket
; instead they are both in the low end of the range seen with v8.11.1.As requested by @addaleax, this benchmark should work reliably on all systems since it does not vary with the number of cores or indeed with CPU load (within reason).
Results With #20287
As requested by @benjamingr, applying #20287 by @apapirovski gives very similar numbers as without it. I don't have an explanation as to why it does not improve as expected.
Deployment Notes
PR should be safe to merge since it only adds a benchmark.