[NetDev-People] 0x14: 'Tis A TLS Festival folks!

Jamal Hadi Salim jhs at mojatatu.com
Fri Jan 24 11:40:08 UTC 2020



TLS aint cheap on the CPU. The trend on Internet traffic
is indicating that the majority of internet traffic is being
encrypted with TLS.  In other words the most common packets
are using TLS! For this reason, we need to pay more attention
to TLS performance. At 0x14 we have a small TLS festival. And
its all about improving performance.

In the first talk, Pawel Szymanski and Manasi Deval that
assert the claim that you can achive good performance by
letting the CPU do its thing. Use modern CPU instructions
like X86 AESNI.
They run experiments that compare user-mode TLS, Kernel TLS
write and kernel TLS Sendfile to contrast various bottlenecks
in each one with regards to encryption and authentication,
cost of system calls and the memory bandwidth.
They will present their results during the talk.
The talk will also provide some insight on which of the
three approaches is best suited for different type of application
scenarios.

More info:
https://netdevconf.info/0x14/session.html?talk-TLS-performance-characterization-on-modern-x86-CPUs

And in the second TLS talk, Tariq Toukan, Bar Tuaf and
Tal Gilboa discuss offloading of TLS to the NIC.
They start by reviewing the life cycle of a HW
offloaded kTLS connection and the driver-HW interaction
in order to support it.

They will then present their experiments where NginX TLS
activity is offloaded to the Mellanox ConnectX-6Dx NIC
(using mlx5e driver). And finally, they present their experimental
results which show significant performance speed-up gained by
offloading kTLS operations to the HW.

More info:
https://netdevconf.info/0x14/session.html?talk-kTLS-HW-offload-implementation-and-performance-gains

In the third talk, Alexander Krizhanovsky and Ivan Koveshnikov continue
their quest(see netdev 0x12 talk) to investigate and improve TLS
handshake by moving it into the kernel (currently user space handled).

In continuation from 0x12, Alexander and Ivan have been experimenting
with new kernel approaches to reduce some perf culprits involved in
completing a TLS handshake, namely dynamic memory allocation and big
integer initialization. They will present their results which quantify
the new approach. The talk will cover many other perf topics related
to TLS handshake.

More info:
https://netdevconf.info/0x14/session.html?talk-performance-study-of-kernel-TLS-handshakes

Reminder, registration is now open and early bird is still in effect.
https://netdevconf.info/0x14/registration.html

cheers,
jamal


More information about the people mailing list