context negotiation performance problem
Eric Mei
ericm at clusterfs.com
Wed Nov 2 16:03:33 EST 2005
Hi,
I searched archive but didn't find the answer.
I made a simple test for security context negotiation of MIT krb5-1.3.5,
under Linux, driven by GSSAPI: client call gss_init_sec_context() and
send token to server, server call gss_accept_sec_context() and send back
the result token.
on a P4 1.6G machine, the server only could handle ~10 requests per
second, and there's lots of disk I/O during running. By strace, I found
krb5 libraries created a temp file under "/var/tmp", and call following
syscalls for each request:
write(fd, data, 50);
fsync(fd);
The fsync() certainly lead to low performance. Anybody know why it is here?
Besides the fsync(), vmstat shows ~200 blocks write per seconds. It
seems the above "write(fd, data, 50)" can't produce that much data. So
where those write come from? Are there any other known issue might
affect performance?
Our server might experience 1000s of context negotiation requests at the
same time, so the above performance problem looks serious to us.
Thanks a lot for any help!
Eric
More information about the Kerberos
mailing list