[Opendnssec-develop] hsmspeed not optimal?

Rick Zijlker rick.zijlker at sidn.nl
Thu Jan 28 15:33:46 UTC 2010


Hey Rick,

Actually I ran this test on SoftHSM. It just finished. Here's the log:

--
[root@signer2 ~]# ods-hsmspeed -r softHSM -i 500000 -t 8
Opening HSM Library...
Generating temporary key...
Temporary key created: 4717225f27c412e6ce4a52700f8d0a5d
Signing 500000 RRsets with RSA/SHA1 using 8 threads...
Signer thread #0 started...
Signer thread #2 started...
Signer thread #1 started...
Signer thread #4 started...
Signer thread #3 started...
Signer thread #5 started...
Signer thread #6 started...
Signer thread #7 started...
Signer thread #7 done.
Signer thread #5 done.
Signer thread #1 done.
Signer thread #3 done.
Signer thread #6 done.
Signer thread #0 done.
Signer thread #4 done.
Signer thread #2 done.
Signing done.
8 threads, 500000 signatures per thread, 810.82 sig/s (RSA 1024 bits)
Deleting temporary key...
--

This is with RC3. In RC2 I got towards 5000 sig/s with the same
configuration, so it feels like something is wrong.
It even slows down now when running more threads:

--
[root@signer2 ~]# ods-hsmspeed -r softHSM -i 5000 -t 1
Opening HSM Library...
Generating temporary key...
Temporary key created: 4d58758ce514f68cdd3dd2e543444927
Signing 5000 RRsets with RSA/SHA1 using 1 thread...
Signer thread #0 started...
Signer thread #0 done.
Signing done.
1 thread, 5000 signatures per thread, 1033.65 sig/s (RSA 1024 bits)
Deleting temporary key...

[root@signer2 ~]# ods-hsmspeed -r softHSM -i 5000 -t 8
Opening HSM Library...
Generating temporary key...
Temporary key created: 8bb75d13e51565000285fe9df3c8409e
Signing 5000 RRsets with RSA/SHA1 using 8 threads...
Signer thread #0 started...
Signer thread #1 started...
Signer thread #2 started...
Signer thread #3 started...
Signer thread #4 started...
Signer thread #5 started...
Signer thread #6 started...
Signer thread #7 started...
Signer thread #3 done.
Signer thread #6 done.
Signer thread #0 done.
Signer thread #7 done.
Signer thread #4 done.
Signer thread #1 done.
Signer thread #2 done.
Signer thread #5 done.
Signing done.
8 threads, 5000 signatures per thread, 823.79 sig/s (RSA 1024 bits)
Deleting temporary key...
--


Cheers,
Rick


-----Original Message-----
From: Rick van Rein [mailto:rick at openfortress.nl] 
Sent: Thursday 28 January 2010 16:25
To: Rick Zijlker
Cc: opendnssec-develop at lists.opendnssec.org
Subject: Re: [Opendnssec-develop] hsmspeed not optimal?

Rick,

In how far are you generating new keys?  We noticed that LUNA SA slows
down immensely (it is craving for entropy, basically) whereas a
continuous signing operation should be able to load it fully.

Slow keygen is good... it means that it takes entropy seriously.

Not sure if this helps, but perhaps it does.

-Rick


