istio.io icon indicating copy to clipboard operation
istio.io copied to clipboard

Published 20 hours ago verified publisher icon istio

Update to Istio performance blog

Open linsun opened this issue 2 years ago • 7 comments

https://istio.io/latest/blog/2022/cryptomb-privatekeyprovider/#performance

  • can we get the blog data based on an official Istio release, like 1.14?
  • can we point to a repo that contains the performance test scripts?
  • Istio latency of 38ms is confusing as it is for istio ingress gateway (does this also count any network latency before hitting the gateway pod)? Also: do we have similar data for sidecars?

linsun avatar Jun 15 '22 17:06 linsun

comment from @howardjohn https://github.com/istio/istio.io/pull/11302#discussion_r898212246

linsun avatar Jun 15 '22 17:06 linsun

Hi @linsun, @howardjohn and thanks for the update.

We will do the following things to clarify the benchmarking numbers in the blogpost:

  • [x] 1. We will add a paragraph to the blog to explain that the latency numbers can't be compared to upstream Istio latency numbers due to a) different client tool (k6 vs. fortio), b) different setup (client, gateway and server running on separate nodes) adds network latency and c) each HTTP request creates new TLS handshake.
  • [x] 2. We will share the benchmarking script so people can replicate the measurements
  • [x] 3. We will re-run the benchmarking with just single node
  • [ ] 4. We will work with the fortio and envoy projects to be able to use fortio similar to k6 (new TLS for each HTTP) request. See discussion here.
  • [ ] 5. We'll work with the istio upstream to add our measurement scripts and tools to the istio/tools repo.

poussa avatar Jun 16 '22 08:06 poussa

  1. We will add a paragraph to the blog to explain that the latency numbers can't be compared to upstream Istio latency numbers due to a) different client tool (k6 vs. fortio), b) different setup (client, gateway and server running on separate nodes) adds network latency and c) each HTTP request creates new TLS handshake.

Submitted a clarification https://github.com/istio/istio.io/pull/11449. Please take a look @poussa @irisdingbj @linsun @howardjohn

rveerama1 avatar Jun 16 '22 12:06 rveerama1

Can you run it over localhost? It is a bit misleading to test over WAN since it influences numbers substantially and takes away from the benefits

howardjohn avatar Jun 16 '22 15:06 howardjohn

Yes, we'll do that. It is step number 3 above. Need to get bigger instance (more vCPUs) since everything won't fit into 4 vCPU as we did for the blog post.

poussa avatar Jun 16 '22 15:06 poussa

Here are the details how we currently run the benchmarking. That is, client (k6), gateway and server (fortio) are all in separate nodes.

poussa avatar Jun 16 '22 16:06 poussa

@linsun @howardjohn we re-run the numbers on single node cluster (GCP, updates in gist). Not much change in the numbers (need to check why the CryptoMB numbers aren't better).

So I think the summary is that the different tools (k6 vs fortio) produce totally different numbers which can't be compared. Next, we'll dig into that topic.

poussa avatar Jun 17 '22 13:06 poussa