Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 1 | .. This work is licensed under a |
| 2 | .. Creative Commons Attribution 4.0 International License. |
| 3 | .. http://creativecommons.org/licenses/by/4.0 |
| 4 | |
| 5 | .. _xacml-s3p-label: |
| 6 | |
| 7 | .. toctree:: |
| 8 | :maxdepth: 2 |
| 9 | |
| 10 | Policy XACML PDP component |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 11 | ########################## |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 12 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 13 | Both the Performance and the Stability tests were executed by performing requests |
| 14 | against the Policy RESTful APIs residing on the XACML PDP installed in the windriver |
| 15 | lab. This was running on a kubernetes pod having the following configuration: |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 16 | |
| 17 | - 16GB RAM |
| 18 | - 8 VCPU |
| 19 | - 160GB Disk |
| 20 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 21 | Both tests were run via jmeter, which was installed on a separate VM so-as not |
| 22 | to impact the performance of the XACML-PDP being tested. |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 23 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 24 | Performance Test of Policy XACML PDP |
| 25 | ************************************ |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 26 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 27 | Summary |
| 28 | ======= |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 29 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 30 | The Performance test was executed, and the result analyzed, via: |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 31 | |
| 32 | .. code-block:: bash |
| 33 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 34 | jmeter -Jduration=1200 -Jusers=10 \ |
| 35 | -Jxacml_ip=$ip -Jpap_ip=$ip -Japi_ip=$ip \ |
| 36 | -Jxacml_port=31104 -Jpap_port=32425 -Japi_port=30709 \ |
| 37 | -n -t perf.jmx |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 38 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 39 | ./result.sh |
Pamela Dragosh | ba45dc6 | 2020-04-16 09:27:44 -0400 | [diff] [blame] | 40 | |
Jim Hahn | 8f35a81 | 2020-05-05 13:08:13 -0400 | [diff] [blame] | 41 | Note: the ports listed above correspond to port 6969 of the respective components. |
| 42 | |
| 43 | The performance test, perf.jmx, runs the following, all in parallel: |
| 44 | |
| 45 | - Healthcheck, 10 simultaneous threads |
| 46 | - Statistics, 10 simultaneous threads |
| 47 | - Decisions, 10 simultaneous threads, each running the following in sequence: |
| 48 | |
| 49 | - Monitoring Decision |
| 50 | - Monitoring Decision, abbreviated |
| 51 | - Naming Decision |
| 52 | - Optimization Decision |
| 53 | - Default Guard Decision (always "Permit") |
| 54 | - Frequency Limiter Guard Decision |
| 55 | - Min/Max Guard Decision |
| 56 | |
| 57 | When the script starts up, it uses policy-api to create, and policy-pap to deploy, |
| 58 | the policies that are needed by the test. It assumes that the "naming" policy has |
| 59 | already been created and deployed. Once the test completes, it undeploys and deletes |
| 60 | the policies that it previously created. |
| 61 | |
| 62 | Results |
| 63 | ======= |
| 64 | |
| 65 | The test was run for 20 minutes at a time, for different numbers of users (i.e., |
| 66 | threads), with the following results: |
| 67 | |
| 68 | .. csv-table:: |
| 69 | :header: "Number of Users", "Throughput (requests/second)", "Average Latency (ms)" |
| 70 | |
| 71 | 10, 6064, 4.1 |
| 72 | 20, 6495, 7.2 |
| 73 | 40, 6457, 12.2 |
| 74 | 80, 5803, 21.3 |
| 75 | |
| 76 | |
| 77 | Stability Test of Policy XACML PDP |
| 78 | ************************************ |
| 79 | |
| 80 | Summary |
| 81 | ======= |
| 82 | |
| 83 | The Stability test was run with the same pods/VMs and uses the same jmeter script as the |
| 84 | performance test, except that it was run for 72 hours instead of 20 minutes. In |
| 85 | addition, it was run in the background via "nohup", to prevent it from being interrupted: |
| 86 | |
| 87 | .. code-block:: bash |
| 88 | |
| 89 | nohup jmeter -Jduration=259200 \ |
| 90 | -Jxacml_ip=$ip -Jpap_ip=$ip -Japi_ip=$ip \ |
| 91 | -Jxacml_port=31104 -Jpap_port=32425 -Japi_port=30709 \ |
| 92 | -n -t perf.jmx & |
| 93 | |
| 94 | The memory and CPU usage can be monitored by running "top" on the xacml pod. By taking |
| 95 | a snapshot before the test is started, and again when it completes, the total CPU used |
| 96 | by all of the requests can be computed. |
| 97 | |
| 98 | Results |
| 99 | ======= |
| 100 | |
| 101 | The final output of the jmeter script is found in the nohup.out file: |
| 102 | |
| 103 | .. image:: images/xacml-s3p-jmeter.png |
| 104 | |
| 105 | The final memory and CPU from "top": |
| 106 | |
| 107 | .. image:: images/xacml-s3p-top.png |
| 108 | |
| 109 | The through-put reported by jmeter was 4849 requests/second, with 0 errors. In addition, |
| 110 | the memory usage observed via "top" indicated that the virtual memory and resident set |
| 111 | sizes remained virtually unchanged through-out the test. |
| 112 | |
| 113 | Unfortunately, the initial CPU usage was not recorded, so the CPU time reported in |
| 114 | the "top" screen-shot includes XACML-PDP start-up time as well as requests that were |
| 115 | executed before the stability test was started. Nevertheless, even including that, we find: |
| 116 | |
| 117 | .. code-block:: bash |
| 118 | |
| 119 | 13,166 CPU minutes * 60sec/min * 1000ms/sec / 1,256,834,239 requests = 0.63ms/request |