|
|
Subscribe / Log in / New account

OpenSSL 3.2.0 released

OpenSSL 3.2.0 released

Posted Nov 29, 2023 14:59 UTC (Wed) by wtarreau (subscriber, #51152)
In reply to: OpenSSL 3.2.0 released by paulj
Parent article: OpenSSL 3.2.0 released

> Huh, wow. Some simple client that was just good enough for s_client for debug stuff, ok possibly (though, why not use a library?).

You just don't debug anything protocol-wise with a single stream in QUIC, and that library is totally irrelevant to the rest of the ecosystem for not even being interoperable (hence testable) with anything else. Other libs such as ngtcp2 which have been there from the beginning and have adapted to their users' needs are well-tested and permit everything and much more than s_client could ever do. Even some command-line tools such as picoquicdemo are more relevant since relying on a proven and testable implementation.

> But, if they put a lot of energy into this with the idea that it would be used by others for real stuff, as part of the OpenSSL lib? Weird :).

Except they have exactly zero idea what their users want. Their users already expressed that 4.5 years ago, en masse, these people were just thanked by a middle finger. The simple fact of saying "ok we showed in 3.x how we could fail when touching stuff we have no skills on, but instead of trying to fix it we'll now switch to something completely new for us, a QUIC implementation that you don't want" is a great indicator that they have no care for their users' needs. All main HTTP implementations now have their own QUIC stack so anything that could be done by the openssl team now will just be limited to s_client and nothing else. Pure waste of time, effort, energy and trust.

> Certainly, there are major implementations that are essentially atrocious on performance if used server side (OK on the client).

Oh it's possible, but not all of them. We managed to pull 260 Gbps out of haproxy's QUIC stack (22M pkt/s both directions) on a perfectly standard Linux network stack. That's not bad at all and at least it scales well!

> Which I think is why so many cloud companies have had to go and write their own implementation.

No that's not the reason at all, the protocol was designed so that it runs entirely in userland to speed up protocol version upgrade deployments, and as such, there is no uniform API to implement it the best way for each implementation. Depending on your event model you'll use a set of totally different mechanisms and that's perfectly fine. From this point it becomes difficult to both uniformize everything and keep performance, however some of the stacks that offload all the painful stuff for you are still usable, but with some necessary overhead.

> The protocol also has a couple of places where it allows too much, meaning supporting this leads to a bit of extra complexity and (on one certain thing) a /lot/ more worst-case performance overheads, when compared to TCP.

Absolutely, and that's precisely one of the reasons why this should only be implemented by those who have enough time to grow transport-layer skills and become experts on the matter, instead of being developed as yet-another activity by a crypto team who thought they could play with a new toy (and worse, let people believe this will eventually be usable).

to post comments

OpenSSL 3.2.0 released

Posted Nov 29, 2023 17:16 UTC (Wed) by paulj (subscriber, #341) [Link] (2 responses)

260 Gb/s? Chapeau. ;)

I guess API could be another reason too. The (google) Quiche API looks OK, and I don't see an obstacle to integrating it with other main loops (it has its own abstraction). The code is a bit sprawling, as it common with C++ code-bases that like to use inheritance. But the slowness is a major deal-breaker from my perspective.

YMMV. ;)

OpenSSL 3.2.0 released

Posted Nov 29, 2023 18:53 UTC (Wed) by DemiMarie (subscriber, #164188) [Link] (1 responses)

I don’t think gQuiche is meant for serious server use. As you mentioned, it is used in clients and works fine there, and there are other stacks that are much faster on the server end.

OpenSSL 3.2.0 released

Posted Nov 30, 2023 10:32 UTC (Thu) by paulj (subscriber, #341) [Link]

Hard to know for sure, but my reading of talks Google have given on QUIC in their production use over the years is they probably used Quiche on the server side too. And they had the obvious performance issues, which they have optimised away to a large extent (still not as good as TCP in the last performance comparisons they've made available) - I assume optimised Quiche, rather than write a complete new QUIC.

There is some (very) low hanging fruit in Quiche wrt gaining performance. I'm surprised no one has fixed it. Hopefully I'll be allowed to send a patch at some point. ;)

OpenSSL 3.2.0 released

Posted Dec 18, 2023 17:50 UTC (Mon) by starox (subscriber, #168285) [Link] (2 responses)

We managed to pull 260 Gbps out of haproxy's QUIC stack (22M pkt/s both directions) on a perfectly standard Linux network stack
There is something that I don't understand. Doing simple math, it gives packet sizes in the GBytes order of magnitude. Is this really packets per seconds or "application connection streams" per second ?

OpenSSL 3.2.0 released

Posted Dec 18, 2023 20:06 UTC (Mon) by pizza (subscriber, #46) [Link] (1 responses)

260Gbps == 260000Mbps

260000Mbps / 22Mpps = ~11818 bits per packet = 1477 bytes per packet, which is a rounding error from the 1472 byte max payload of a TCP+UDP packet.

OpenSSL 3.2.0 released

Posted Dec 18, 2023 20:25 UTC (Mon) by starox (subscriber, #168285) [Link]

I ought to write it down to see that I forget one million factor ... Sorry for the noise.

Thanks !


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds