On 5/4/15 11:11 am, Jeffrey Walton wrote: > On Sat, Apr 4, 2015 at 11:03 PM, Michael Clark <michael at metaparadigm.com> wrote: >> ... >> Now works on Darwin/OSX: https://github.com/michaeljclark/async_tls_test >> >> Just working through poll peculiarities on Linux. Thanks. > Related: libevent (http://libevent.org/) does a pretty good job of > abstracting that away. I believe it works on Linux, BSDs, OS X and > Windows. But you'll have to switch to a fully asynchronous > architecture. Thanks. Yes there is ASIO too: https://think-async.com/Asio/AsioStandalone http://stackoverflow.com/questions/18506739/boostasio-http-server-extremely-slow I've looked at libevent. There is also libev and libuv. I think they may use the BIO method for async operation, which doesn't share fds with openssl; only memory buffers. The BIO approach may require additional buffer copies. Extra buffer copies may be negligible compared to the encryption overhead, however AES-NI is very fast in terms of cycles per byte. With connection establishment excluded (a large chunk of the TLS overhead) and the case of 16 parallel keepalive connections pumping objects to/from the server (to/from RAM or SSD); the overhead might be appreciable. I am able to get about 18GB/sec AES encryption with AES-NI on a 6-core/12-thread machine with openssl AES-NI. That is a substantial proportion of the memory bandwidth of the machine which is approximately ~60GB/sec. I guess buffer copies will happen in L2/L3 cache where the bandwidth is higher, so perhaps this is less of an issue. In any case I was thinking of using the SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE approach vs the BIO approach. Exploring this at the moment... I'm a beggar for punishment and I like to be aware of the quirks at the foundations and have written my own event abstraction layer that uses poll, kqueue and epoll. It doesn't handle TLS *yet*. I wanted to implement a simple poll-based echo server to get the hang of the OpenSSL API. https://github.com/metaparadigm/latypus https://github.com/metaparadigm/latypus/blob/master/src/pollset.h With plain HTTP latypus can do ~255,000 reqs/sec (16 threads) vs nginx ~140,000 req/sec (16 processes), logging enabled, on a 16 core AWS r3.4xlarge instance. This is mainly due to a more efficient logging implementation (in memory async ring buffer). latypus is slower than nginx with logging disabled but it does not have an open file cache. I would also like to instrument the server to log TLS options, ciphers and versions. Something most current generation servers do not do. For this I need to be comfortable with the OpenSSL API. Hence the simple async echo server. Also want to use C++1y vs C, and use existing language infrastructure where possible e.g. std::set, std::map, std::vector, etc Many of the current C engines reinvent their own hash tables, lists and buffers. i.e. there are as many hash table implementations as there are servers. ~mc -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/297248db/attachment.html>
