[zeromq-dev] Curve messaging security capacity
Luca Boccassi
luca.boccassi at gmail.com
Fri Jan 5 17:08:35 CET 2018
On Fri, 2018-01-05 at 15:08 +0000, Stephen Gray wrote:
> When profiled the calls to boost::serialization seem to dominate,
> crypto stuff is further down the list. When the modules in use by
> the app are examined libsodium.dll doesn't feature; though I have
> placed it in the same folder as the application. It was also
> available when I built zmq & czmq from source. What do I need to do
> to make the app use libsodium?
>
> Thanks,
>
> Stephen.
On Linux you can just check what the library is linked against - but I
think you are on Windows so I really have no idea, sorry - maybe check
in the profiling, if you see code from src/tweetnacl.c/h then you are
definitely not using sodium.
> -----Original Message-----
> From: zeromq-dev [mailto:zeromq-dev-bounces at lists.zeromq.org] On
> Behalf Of David Jelenc
> Sent: 05 January 2018 14:40
> To: zeromq-dev at lists.zeromq.org
> Subject: Re: [zeromq-dev] Curve messaging security capacity
>
> This is mere speculation, since its been a while since I last took a
> look at how CURVE is implemented, but I think the proxy (i.e. your
> broker) might be causing issues.
>
> When you send a message from PUSH to PROXY, you use a single CURVE
> session. But when the proxy effectively sends an application-level
> multicast to many subscribers, it uses as many CURVE sessions as
> there are subscribers.
>
> But as Luca suggested, try profiling and use libsodium. In my project
> (I was using a similar topology as you) it was about 10-15 times
> faster than TweetNaCl.
>
> On 05. 01. 2018 14:45, Luca Boccassi wrote:
> > On Fri, 2018-01-05 at 12:46 +0000, Stephen Gray wrote:
> > > I'm building up a 'clone' pattern distributed app for
> > > transmission of
> > > time-series data using CZMQ and with the option to either enable
> > > or
> > > disable CURVE security ala IRONHOUSE.
> > >
> > > It has a PUSH->{PROXY: PULL->PUB}->SUB arrangement for delivery
> > > of
> > > latest updates and ROUTER->DEALER for data history requests and
> > > responses.
> > >
> > > It's functioning nicely in initial testing, both with CURVE
> > > enabled
> > > or disabled.
> > >
> > > However when I increase the number of data points (from a few
> > > hundred) to one million it starts creating an issue.
> > >
> > > With CURVE disabled the million data points (requested DEALER-
> > > >ROUTER
> > > as 1000 messages x 1000 data points each) are requested,
> > > delivered
> > > and synchronised in the blink of an eye.
> > >
> > > When CURVE is enabled then the client just gets DISCONNECTED
> > > whenever
> > > it tries to connect & make the 1000 x 1000 message requests. The
> > > 1000 requests are fast and sequential. I tried changing to 100
> > > messages x 10000 datapoints; but this made no difference.
> > >
> > > Are there some messaging limits in the CURVE protocol. Anyone
> > > know
> > > why I might get this behaviour?
> > >
> > > With thanks,
> > >
> > > Stephen.
> > > P.S. Code for this is long & involved, too much to expect anyone
> > > to
> > > read. ;-)
> >
> > Have you tried profiling to see where the bottleneck is?
> >
> > If it's in the crypto primitives, check whether you are using
> > libsodium or the embedded tweetnacl. IIRC libsodium supports
> > hardware
> > accelerators, including recent-ish CPU instructions.
> >
> > I don't think I've seen benchmarks before.
> >
> >
> >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > https://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20180105/242ef123/attachment.sig>
More information about the zeromq-dev
mailing list