[SoapRMI] Re: gsi is very slow with XSOAP

Warren Smith wwsmith_at_arc.nasa.gov
Thu, 28 Mar 2002 13:48:39 -0800 

Jarek Gawor wrote:

>Hey Warren,
>
>>Warren Smith wrote:
>>
>>>More importantly, we've found that using cog_delegation is amazingly,
>>>unbearably slow. I timed it at about 25-30 seconds for the first method
>>>call on a relatively new Sun box. This is much too slow for us to use. I
>>>assume that it is CoG that is slow, not XSOAP, but do you know if the
>>>globus folks are working on this?
>>>
>
>Yes, this is way too slow. What VM version are you using? You can enable
>debugging in cog to see exactly where it gets stuck. The actual problem is
>not delegation but secure seed generation. However, once the seed is
>generated everything will work fine. Under Linux for example, we use an
>optimization to obtain the secure seed from a '/dev/urandom' device and so
>the start up time is much faster.
>
java -version
java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1-b24)
Java HotSpot(TM) Client VM (build 1.3.1-b24, mixed mode)

>>hi,
>>
>>i heard they plan to move away from IAIK in direction of JSSE
>>and/or open source
>>SSL toolkit but did not hear recently anything about it.
>>
>>>Do you have any ideas for how it can
>>>be sped up?
>>>
>
>We are currently working on the new API based on JSSE.... There are two ways
>to speed it up. One is to install the /dev/urandom device on your machine
>(the last time I looked it was supported under Solaris - it comes standard
>with Linux) Another way is to implement a faster seed generator (it can be
>easily plugged into Java and will work with any SSL impl.) However, the main
>problem with implementing a seed generator is implementing it correctly so
>it truly returns a random number....
>
Ah ha! I was using a Solaris box and I don't see any /dev/urandom or 
similar.

I'm doing this same test on an irix box but without doing any delegating 
(jdk 1.3 again). I don't see any /dev/urandom or similar. It is taking 
about 15 seconds for a xsoap client to connect to and call a method on 
an xsoap server on the same machine using cog security. But, it takes a 
fraction of a second to gsissh from the irix box, to itself (or to any 
other machine around here).

It seems to me the exact same security mechanisms are being used. Is 
this correct? If this is true, why is the Java code so much slower? 
Different seed generator? Java is 50 or 100 times slower than C? The 
algorithms are implemented better in C? Has anyone done any benchmarks 
of OpenSSL vs IAIK vs JSSE vs ...?


Warren