<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 5/4/15 11:11 am, Jeffrey Walton
wrote:<br>
</div>
<blockquote
cite="mid:CAH8yC8=C45uz-Z8kP1A-sDcxY=xuH+c5_=Fk7q776jxnBU4O+A@mail.gmail.com"
type="cite">
<pre wrap="">On Sat, Apr 4, 2015 at 11:03 PM, Michael Clark <a class="moz-txt-link-rfc2396E" href="mailto:michael@metaparadigm.com"><michael@metaparadigm.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">...
Now works on Darwin/OSX: <a class="moz-txt-link-freetext" href="https://github.com/michaeljclark/async_tls_test">https://github.com/michaeljclark/async_tls_test</a>
Just working through poll peculiarities on Linux. Thanks.
</pre>
</blockquote>
<pre wrap="">Related: libevent (<a class="moz-txt-link-freetext" href="http://libevent.org/">http://libevent.org/</a>) does a pretty good job of
abstracting that away. I believe it works on Linux, BSDs, OS X and
Windows. But you'll have to switch to a fully asynchronous
architecture.
</pre>
</blockquote>
<br>
Thanks. Yes there is ASIO too:<br>
<br>
<a class="moz-txt-link-freetext" href="https://think-async.com/Asio/AsioStandalone">https://think-async.com/Asio/AsioStandalone</a><br>
<a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/18506739/boostasio-http-server-extremely-slow">http://stackoverflow.com/questions/18506739/boostasio-http-server-extremely-slow</a><br>
<br>
I've looked at libevent. There is also libev and libuv. I think they
may use the BIO method for async operation, which doesn't share fds
with openssl; only memory buffers. The BIO approach may require
additional buffer copies. Extra buffer copies may be negligible
compared to the encryption overhead, however AES-NI is very fast in
terms of cycles per byte.<br>
<br>
With connection establishment excluded (a large chunk of the TLS
overhead) and the case of 16 parallel keepalive connections pumping
objects to/from the server (to/from RAM or SSD); the overhead might
be appreciable. I am able to get about 18GB/sec AES encryption with
AES-NI on a 6-core/12-thread machine with openssl AES-NI. That is a
substantial proportion of the memory bandwidth of the machine which
is approximately ~60GB/sec. I guess buffer copies will happen in
L2/L3 cache where the bandwidth is higher, so perhaps this is less
of an issue.<br>
<br>
In any case I was thinking of using the SSL_ERROR_WANT_READ /
SSL_ERROR_WANT_WRITE approach vs the BIO approach. Exploring this at
the moment...<br>
<br>
I'm a beggar for punishment and I like to be aware of the quirks at
the foundations and have written my own event abstraction layer that
uses poll, kqueue and epoll. It doesn't handle TLS *yet*. I wanted
to implement a simple poll-based echo server to get the hang of the
OpenSSL API.<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/metaparadigm/latypus">https://github.com/metaparadigm/latypus</a><br>
<a class="moz-txt-link-freetext" href="https://github.com/metaparadigm/latypus/blob/master/src/pollset.h">https://github.com/metaparadigm/latypus/blob/master/src/pollset.h</a><br>
<br>
With plain HTTP latypus can do ~255,000
<meta charset="utf-8">
reqs/sec (16 threads) vs nginx ~140,000 req/sec (16 processes),
logging enabled, on a 16 core
<meta charset="utf-8">
AWS r3.4xlarge instance. This is mainly due to a more efficient
logging implementation (in memory async ring buffer). latypus is
slower than nginx with logging disabled but it does not have an open
file cache. I would also like to instrument the server to log TLS
options, ciphers and versions. Something most current generation
servers do not do. For this I need to be comfortable with the
OpenSSL API. Hence the simple async echo server.<br>
<br>
Also want to use C++1y vs C, and use existing language
infrastructure where possible e.g. std::set, std::map, std::vector,
etc<br>
<br>
Many of the current C engines reinvent their own hash tables, lists
and buffers. i.e. there are as many hash table implementations as
there are servers.<br>
<br>
~mc<br>
</body>
</html>