You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by "David Neuman (JIRA)" <ji...@apache.org> on 2016/11/07 14:52:58 UTC
[jira] [Updated] (TC-29) Traffic Router TPS for HTTPS requests
diminishes when reloading certificates
[ https://issues.apache.org/jira/browse/TC-29?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Neuman updated TC-29:
---------------------------
Description:
When Traffic Router reloads SSL certificates while processing HTTPS transactions, the TPS drops significantly.
Example Log output during the drop in TPS:
INFO 2016-11-07T14:05:23.363 [pool-2-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.2/cdns/name/test-xc
r/sslkeys.json; timeout is 15000
INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Entered processConfig
INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Exiting processConfig: No json data to process
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
INFO 2016-11-07T14:05:43.399 [pool-17-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout is 30000
INFO 2016-11-07T14:06:23.339 [pool-5-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties
was:
When Traffic Router is processing HTTPS transactions and then reloads certificates, the TPS drops significantly. It appears traffic router stops processing requests when it loads the certs and then continues processing again.
Example Log output during the drop in TPS:
INFO 2016-11-07T14:05:23.363 [pool-2-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.2/cdns/name/test-xc
r/sslkeys.json; timeout is 15000
INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Entered processConfig
INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Exiting processConfig: No json data to process
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
INFO 2016-11-07T14:05:43.399 [pool-17-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout is 30000
INFO 2016-11-07T14:06:23.339 [pool-5-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties
> Traffic Router TPS for HTTPS requests diminishes when reloading certificates
> ----------------------------------------------------------------------------
>
> Key: TC-29
> URL: https://issues.apache.org/jira/browse/TC-29
> Project: Traffic Control
> Issue Type: Bug
> Components: Traffic Router
> Reporter: David Neuman
>
> When Traffic Router reloads SSL certificates while processing HTTPS transactions, the TPS drops significantly.
> Example Log output during the drop in TPS:
> INFO 2016-11-07T14:05:23.363 [pool-2-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.2/cdns/name/test-xc
> r/sslkeys.json; timeout is 15000
> INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Entered processConfig
> INFO 2016-11-07T14:05:23.500 [New I/O worker #8] com.comcast.cdn.traffic_control.traffic_router.core.config.ConfigHandler - Exiting processConfig: No json data to process
> ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-02 domain ds-02.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-01 domain ds-01.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-05 domain ds-05.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-04 domain ds-04.cdn.kabletown.net.net
> ERROR 2016-11-07T14:05:24.760 [Thread-5] com.comcast.cdn.traffic_control.traffic_router.core.config.CertificateChecker - No certificate data for https cdn-ds-03 domain ds-03.cdn.kabletown.net.net
> INFO 2016-11-07T14:05:43.399 [pool-17-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.util.Fetcher - GETing: https://to.kabletown.net/api/1.1/cdns/name/test-xcr/dnsseckeys.json; timeout is 30000
> INFO 2016-11-07T14:06:23.339 [pool-5-thread-1] com.comcast.cdn.traffic_control.traffic_router.core.monitor.TrafficMonitorWatcher - Loading properties from /opt/traffic_router/conf/traffic_monitor.properties
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)