Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-28008

Add support for tcnative

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.6.0, 3.0.0-beta-1
    • None
    • If a properly shaded netty-tcnative is found on the classpath, hbase will automatically pick it up for use in accelerating TLS handling. Properly shaded means relocated to prefix with org.apache.hbase.thirdparty

    Description

      In investigating HBASE-27947, tcnative can make a big impact on throughput over built-in jdk SSL support. We need three things to make it work:

      1. In X509Util, if Openssl.isAvailable() (meaning tcnative is on the classpath):
        1. Use SslProvider.OPENSSL_REFCNT
        2. Update default ciphers to remove CBC ciphers, which do not work with tcnative. We can either pull the ciphers from OpenSsl.availableJavaCipherSuites() or simply use the default GCM ciphers we already have defined.
      2. Our netty is shaded, so one can't simply put the tcnative jar on the classpath. We might need to provide an hbase-shaded-netty-tcnative module which one can optionally include in their deployment. We will have to decide which of the many tcnative modules to provide a shaded version for.

      Attachments

        Issue Links

          Discovered while testing

          Bug - A problem which impairs or prevents the functions of the product. HBASE-27947 RegionServer OOM under load when TLS is enabled

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link GitHub Pull Request #5363

          Activity

            People

              bbeaudreault Bryan Beaudreault
              bbeaudreault Bryan Beaudreault
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: