[Opendnssec-user] AEP Keyper: any experience?
Gilles Massen
gilles.massen at restena.lu
Mon Sep 13 09:39:41 UTC 2010
Hi Jakob,
On 09/13/2010 10:05 AM, Jakob Schlyter wrote:
> On 13 sep 2010, at 09.54, Gilles Massen <gilles.massen at restena.lu>
> wrote:
>
>> My current tests get a performance of +-300 rr/sec while the specs
>> show 1200 transactions per sec, and I'd like to figure where the
>> bottleneck lies: my config, Keyper as such, or OpenDNSSEC ways of
>> doing things.
>
> What results do you get from ods-hsmspeed? Please also try with
> different number of threads (which will not affect the signer just
> yet, but can give some indication of future performance).
1 thread, 2000 signatures per thread, 325.27 sig/s (RSA 1024 bits)
2 threads, 2000 signatures per thread, 325.89 sig/s (RSA 1024 bits)
No difference here. Having 2 CPUs doesn't change that figure either.
Logging on the pkcs11 provider is disabled, enabling it slows it down
further.
as a point of reference: for softHSM :
1 thread, 2000 signatures per thread, 449.23 sig/s (RSA 1024 bits)
2 threads, 2000 signatures per thread, 443.36 sig/s (RSA 1024 bits)
> What is your setup like? OS?
The install is based on OpenSuse 11.3 in a virtual machine. Optimzed
kernel (2.6.32). Nothing really fancy or special.
Load during the real signing with keyper is almost negligeable. Packets
on the interface (during signing): 300p/s. Memory (1GB): plenty free.
If there is anything I should try, please let me know!
Best,
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the Opendnssec-user
mailing list