Offload TLS negotiation to I/O threads#1338
Conversation
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## unstable #1338 +/- ##
============================================
+ Coverage 70.71% 70.78% +0.06%
============================================
Files 115 119 +4
Lines 63159 64715 +1556
============================================
+ Hits 44666 45806 +1140
- Misses 18493 18909 +416
|
madolson
left a comment
There was a problem hiding this comment.
This implementation basically breaks the connection abstraction, since it has the TLS implementation calling functions related to IO threading (which is supposed to be agnostic to the connection type). I was sort of expecting we would offload the event handler.
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
We still don't check in any point for the connection type, since the TLS code calls the IO threads to offload the negotiation with a supplied callback, not the other way around. Maybe we can rename it to 'accept' instead of 'tls_negotiate' to be more abstract.
Not sure I get this, would you please elaborate. |
ranshid
left a comment
There was a problem hiding this comment.
Uri. We discussed offline about several architectual changes to reduce the code changes. Also placed some comments I think we can improve.
…abstraction Signed-off-by: Uri Yagelnik <uriy@amazon.com>
cd86e38 to
c0cf818
Compare
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: ranshid <88133677+ranshid@users.noreply.github.com>
## TLS Negotiation Offloading to I/O Threads
### Overview
This PR introduces the ability to offload TLS handshake negotiations to
I/O threads, significantly improving performance under high TLS
connection loads.
### Key Changes
- Added infrastructure to offload TLS negotiations to I/O threads
- Refactored SSL event handling to allow I/O threads modify conn flags.
- Introduced new connection flag to identify client connections
### Performance Impact
Testing with 650 clients with SET commands and 160 new TLS connections
per second in the background:
#### Throughput Impact of new TLS connections
- **With Offloading**: Minimal impact (1050K → 990K ops/sec)
- **Without Offloading**: Significant drop (1050K → 670K ops/sec)
#### New Connection Rate
- **With Offloading**:
- 1,757 conn/sec
- **Without Offloading**:
- 477 conn/sec
### Implementation Details
1. **Main Thread**:
- Initiates negotiation-offload jobs to I/O threads
- Adds connections to pending-read clients list (using existing read
offload mechanism)
- Post-negotiation handling:
- Creates read/write events if needed for incomplete negotiations
- Calls accept handler for completed negotiations
2. **I/O Thread**:
- Performs TLS negotiation
- Updates connection flags based on negotiation result
Related issue:valkey-io#761
---------
Signed-off-by: Uri Yagelnik <uriy@amazon.com>
Signed-off-by: ranshid <88133677+ranshid@users.noreply.github.com>
Co-authored-by: ranshid <88133677+ranshid@users.noreply.github.com>
Co-authored-by: Madelyn Olson <madelyneolson@gmail.com>
TLS Negotiation Offloading to I/O Threads
Overview
This PR introduces the ability to offload TLS handshake negotiations to I/O threads, significantly improving performance under high TLS connection loads.
Key Changes
Performance Impact
Testing with 650 clients with SET commands and 160 new TLS connections per second in the background:
Throughput Impact of new TLS connections
New Connection Rate
Implementation Details
Main Thread:
I/O Thread:
Related issue:#761