benchmark: add secure-pair benchmark #20344
Conversation
nodejs-github-bot
added
benchmark
|
@nodejs/benchmarking @nodejs/crypto |
alexfernandez
changed the title
I don't think it should've improved. I'm not surprised at all that it's unchanged... (I tried to make a comment stating as much in the thread.) |
|
@apapirovski You are right, but I thought that it might at least affect the results for |
|
@alexfernandez It's hard to know from the runs above. These benchmarks can vary 20% between a run so one needs to run them a good number of times to get any significant data. But either way, if this benchmark uses I'm working on some other related stuff that should be more reliable in terms of getting a performance gain but it'll take a while to get it finished. |
benchmark/tls/secure-pair.js
Outdated
| server = net.createServer(onRedirectConnection); | ||
| server.listen(REDIRECT_PORT, () => { | ||
| proxy = net.createServer(onProxyConnection); | ||
| proxy.listen(common.PORT, function() { |
There was a problem hiding this comment.
minor nit... would be good to be consistent with using either () => {} or function() {} rather than mixing.
There was a problem hiding this comment.
Changed in commit 6ba84cf. As a bonus, removed all var inherited from benchmark/tls/throughput.js.
|
@alexfernandez The commit is not associated with your GitHub account, you might want to fix this before this gets merged. |
alexfernandez
changed the title
|
@tniessen That should be fixed now? |
| const common = require('../common.js'); | ||
| const bench = common.createBenchmark(main, { | ||
| dur: [5], | ||
| securing: ['SecurePair', 'TLSSocket'], |
There was a problem hiding this comment.
Please add 'securing=SecurePair' to ./test/sequential/test-benchmark-tls.js in the array with the other options there. Otherwise the test will run twice the duration it has to.
|
Is there anything I can do to move this PR along? Thanks! |
|
@alexfernandez ... not really, we need to do a CI run and get it landed. Let's ask @BridgeAR to give one final sign off for his request. It should get landed in the few days. |
benchmark/tls/secure-pair.js
Outdated
| conn.pipe(serverPair.encrypted); | ||
| serverPair.encrypted.pipe(conn); | ||
| serverPair.on('error', (error) => { | ||
| throw new Error('Pair error: ' + error); |
There was a problem hiding this comment.
This could use a template literal instead.
benchmark/tls/secure-pair.js
Outdated
| function secureTLSSocket(conn, client) { | ||
| const serverSocket = new tls.TLSSocket(conn, options); | ||
| serverSocket.on('error', (e) => { | ||
| throw new Error('Socket error: ' + e); |
benchmark/tls/secure-pair.js
Outdated
| } | ||
|
|
||
| function securePair(conn, client) { | ||
| const serverCtxt = tls.createSecureContext(options); |
There was a problem hiding this comment.
Micro nit: We usually abbreviate context as ctx within our codebase so I'd prefer serverCtx for consistency.
|
@jasnell Three sign-offs, waiting for the CI run. Thanks! |
|
Apparently the CI run, although I have no clue as to why 😞 Can you please help? |
|
Failures look unrelated, let's try again: https://ci.nodejs.org/job/node-test-pull-request/14818/ |
|
CI before landing: https://ci.nodejs.org/job/node-test-pull-request/14866/ |
apapirovski
added
the
author ready
|
Landed in c346cb6. Thank you @alexfernandez and congrats on becoming a Contributor! 🎉 |
|
Thanks @apapirovski and everyone else involved for all the good work! Now for the performance regression on #20263 😄 |
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAdds a benchmark to compare
tls.createSecurePair()withnew tls.TLSSocket(). The first option is deprecated, while the second is the recommended way forward for securing existing server sockets. A proxy server is placed between the client and the server to evidence any performance issues with socket events.Results v8.11.1
tls.createSecurePair()with Node.js v8.11.1 is quite faster thannew tls.TLSSocket():Deprecation warnings have been removed from the output. Test machine is a dual-core Lenovo X1 Carbon with Ubuntu 17.10.
There is a performance regression using
new tls.TLSSocket()for small packet sizes:The results point to an inefficiency in small packets, and experimentally it appears that while
SecurePairbuffers data,TLSSocketdoesn't: the number of bytes per iteration is quite similar to the number of bytes per packet sent.Results Using
masterAlso, a performance regression has been reported in #20263 for v10.0.0, in which removes the old legacy code for
tls.createSecurePair()using insteadnew tls.TLSSocket()underneath. So using the latest inmaster(node v11.0.0-pre):In
masterthere is no performance gap betweenSecurePairandTLSSocket; instead they are both in the low end of the range seen with v8.11.1.As requested by @addaleax, this benchmark should work reliably on all systems since it does not vary with the number of cores or indeed with CPU load (within reason).
Results With #20287
As requested by @benjamingr, applying #20287 by @apapirovski gives very similar numbers as without it. I don't have an explanation as to why it does not improve as expected.
Deployment Notes
PR should be safe to merge since it only adds a benchmark.