nats-server: Very high CPU usage during initial TLS setup

Defects

Versions of gnatsd and affected client libraries used:

server 1.0.2, latest Go client

OS/Container environment:

CentOS 7 on EC2 t2.medium

Steps or code to reproduce the issue:

Create 16 000 TLS connections as quickly as you can

Expected result:

I know TLS is quite heavy and initial setup is costly, but perhaps somewhere something can be tuned; this seems excessively slow.

Once the initial TLS handshakes are done and connections are up, CPU usage is back down to a good 2%, no problem.

Actual result:

NATS, for 90 seconds or so, using all available CPU on all cores

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 24 (24 by maintainers)

Most upvoted comments

Yes. When no cipher is configured, in Go 1.8, the NATS Server will use these as the default:

tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

Below 1.8, it uses:

tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

He is using 1.0.2, but unfortunately this was built with Go 1.7.6, which does not have the CHACHA ones. Any chance you can build from master with Go 1.8+ to try?

Which cipher is being used? You could run the server with -D and run only one of the clients to see what cipher is being negotiated between the two. You may want to make sure that you use a faster cipher (CHACHA ones). On top of that, are you using authorization with bcrypt or a token?

If we can improve we will, but still, it is expected that if you do create that many connections at once, there will be a burden on the CPU. I would recommend adding some random delay in the creation of all those connections.
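An added example, not part of the thread and not nats-server code: it shows how the two default lists quoted above decide whether a CHACHA20 suite can be negotiated at all, by running a handshake in memory and reading back the chosen suite. The names `negotiated`, `pre18` and `go18` are hypothetical, the certificate is a throwaway built inline, and the handshake is capped at TLS 1.2 because Go does not let TLS 1.3 suites be configured.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

var pre18 = []uint16{ // server default when built with Go below 1.8, as listed in the thread
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}
var go18 = append([]uint16{ // Go 1.8 default: the same list with the CHACHA20 suites in front
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}, pre18...)

// negotiated (hypothetical helper) runs one in-memory TLS 1.2 handshake and names the suite chosen.
func negotiated(server, client []uint16) (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key, constructed for the demo
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // self-signed
	if err != nil {
		return "", err
	}
	srv := &tls.Config{CipherSuites: server, MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	// InsecureSkipVerify is acceptable only because the certificate is the local throwaway above.
	cli := &tls.Config{CipherSuites: client, MaxVersion: tls.VersionTLS12, InsecureSkipVerify: true}
	c, s := net.Pipe()
	defer c.Close() // also unblocks the server goroutine if the handshake fails
	go tls.Server(s, srv).Handshake()
	conn := tls.Client(c, cli)
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	fmt.Println(negotiated(go18, go18[:1])) // client offers only ECDSA CHACHA20
}
```

Against the `pre18` list the same CHACHA20-only offer fails the handshake, and a client that also offers an AES-GCM suite is moved onto AES-GCM.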