ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ Java / JMSPerformance issue on CCDT and SSL in Websphere MQ v7.0

Post new topicReply to topic
Performance issue on CCDT and SSL in Websphere MQ v7.0 View previous topic :: View next topic
Author Message
teddywong
PostPosted: Mon Aug 20, 2012 4:04 am Post subject: Performance issue on CCDT and SSL in Websphere MQ v7.0 Reply with quote

Newbie

Joined: 20 Aug 2012
Posts: 1
We have tried connecting the MQ with Java Client using CCDT and SSL. However we encountered a serve performance issue. The handshake time for SSL was around 5 seconds which we used “NULL_MD5” as cipher suite.

Also we discovered that when the number of channels in CCDT increased , the connection time increased gradually. In our case , CCDT (2 channel definitions) with SSL needed 10 sec for the whole authentication process. Is there any suggestion for tuning the performance for the case using CCDT and SSL? We have already tried using a shorter key length , eg. 512 for key generation which we previous using 2048, but it did not help much.

Would anyone have ideas on these?
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Aug 20, 2012 1:46 pm Post subject: Re: Performance issue on CCDT and SSL in Websphere MQ v7.0 Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
teddywong wrote:
We have tried connecting the MQ with Java Client using CCDT and SSL. However we encountered a serve performance issue. The handshake time for SSL was around 5 seconds which we used “NULL_MD5” as cipher suite.

Also we discovered that when the number of channels in CCDT increased , the connection time increased gradually. In our case , CCDT (2 channel definitions) with SSL needed 10 sec for the whole authentication process. Is there any suggestion for tuning the performance for the case using CCDT and SSL? We have already tried using a shorter key length , eg. 512 for key generation which we previous using 2048, but it did not help much.

Would anyone have ideas on these?


You have to be realistic.
in case of a CCDT the algorythm is to go through the X available channels in a specific or random order to try and connect.
Realize that a connection attempt with SSL will always take longer than a connection attempt without SSL.

This is why in a J2EE server, you use a connection pool that caches connections....

So what exactly is the problem then...
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
mqjeff
PostPosted: Tue Aug 21, 2012 1:41 am Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
These numbers don't seem expected to me.

But, then, I've not reviewed the performance reports recently.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue Aug 21, 2012 2:06 am Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
mqjeff wrote:
These numbers don't seem expected to me.

But, then, I've not reviewed the performance reports recently.


Assume that the client has a cert but the cert is not set as required... with negotiation at the highest available security, going through multiple algorithms before the connection is established....

The connection (with SSL) is the most expensive operation...
Agreed there might be some additional stuff on the network at play... but without the network tools (bandwidth meters, sniffers etc...) you'll never know. 10 seconds for 2 channels (assuming the 1st one fails) is not excessive when you have 5 seconds as connection time for 1 channel...

What seems to be somewhat excessive is 5 seconds as connection time for 1 channel... (I would have expected something in the vicinity of 2 seconds)... but then we have no idea what the network setup is and how many hops are between the client and the server (bridges, firewalls, nats, routers, etc...) nor if any of those is (slightly) misconfigured.

@teddywong How long does it take for a traceroute or tracert to complete between the client and the server? What is your disk latency? How long does it take to start the java subsystem on the server?

How long does it take to establish an ssl connection between 2 simple java programs one on the server, one on the client? (trying to rule out MQ there).

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ Java / JMSPerformance issue on CCDT and SSL in Websphere MQ v7.0
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.