defaults: do TLS by default for encryption #2650
Throughput is basically comparing go's hardware accelerated AES impl vs the software chacha one.
Any idea why TLS is allocating like crazy during the transfer?
So is
Looks good to me, modulo the location of the benchmarks. On my M1 Mac, the difference is quite extreme:
```
goos: darwin
goarch: arm64
pkg: github.com/libp2p/go-libp2p/p2p/security/tls
BenchmarkTls/throughput/32KiB-10 70203 15562 ns/op 2105.59 MB/s
BenchmarkTls/throughput/1MiB-10 2516 495383 ns/op 2116.70 MB/s
BenchmarkTls/handshakes-10 2110 549245 ns/op
PASS
ok github.com/libp2p/go-libp2p/p2p/security/tls 4.445s
goos: darwin
goarch: arm64
pkg: github.com/libp2p/go-libp2p/p2p/security/noise
BenchmarkNoise/throughput/32KiB-10 17421 71990 ns/op 455.17 MB/s
BenchmarkNoise/throughput/1MiB-10 663 1819395 ns/op 576.33 MB/s
```
@Jorropo Would you be able to push this PR across the finish line, or do you want us to take it over?
Tls has much better throughput, the handshake benchmark is fairly noisy, there is no significant performance difference, however it does allocate more.
```
goos: linux
goarch: amd64
cpu: AMD Ryzen 5 3600 6-Core Processor
BenchmarkNoise/throughput/32KiB-12 24984 46605 ns/op 703.10 MB/s 37 B/op 2 allocs/op
BenchmarkNoise/throughput/1MiB-12 1134 1459483 ns/op 718.46 MB/s 663 B/op 34 allocs/op
BenchmarkNoise/handshakes-12 1302 1054533 ns/op 32691 B/op 348 allocs/op
BenchmarkTls/throughput/32KiB-12 49006 24309 ns/op 1347.99 MB/s 50 B/op 2 allocs/op
BenchmarkTls/throughput/1MiB-12 1747 778498 ns/op 1346.92 MB/s 1603 B/op 64 allocs/op
BenchmarkTls/handshakes-12 1116 1045475 ns/op 105257 B/op 1478 allocs/op
```
4afd6b9 to 843e66b
LGTM Thanks @Jorropo!
Should we remove the asserts from the benchmarks?
The assert is extremely cheap, it ensures the benchmark is actually benchmarking as intended.
Note: If merging this I would make sure to call out this change in the release notes so people can decide if/when they want to make the change. IIUC this will add one roundtrip to all TCP/WS/WSS connections in between go-libp2p nodes in the short term (while nodes update) and may also add one roundtrip to all of those connection types to libp2p implementations that don't support TLS (is that all the others, or is my info out of date?). If I recall the reason Noise was made the default over TLS was that TLS was only really supported in go-libp2p and the potential for extra roundtrips wasn't deemed worthwhile as a default (despite TLS being better for go-libp2p<->go-libp2p connections).
This shouldn't happen, I'll confirm though.
I'll point these out in the release notes.
In fact, TLS is no faster than Noise and encapsulates more overhead. The reason for the benchmark being due to Noise is that modern CPUs have AES-related instruction sets, and Noise is a non-negotiated cryptographic transport layer protocol that, in libp2p, uses The only problem is that it causes a breaking change
Libp2p's noise requires ChaChaPoly sha256, that would require a new spec and break compat which is bad. The cost of encapsulation seems trivial over the cost of the cipher, your Even if TLS was too slow,