istio.io
istio.io copied to clipboard
Update to Istio performance blog
https://istio.io/latest/blog/2022/cryptomb-privatekeyprovider/#performance
- can we get the blog data based on an official Istio release, like 1.14?
- can we point to a repo that contains the performance test scripts?
- Istio latency of 38ms is confusing as it is for istio ingress gateway (does this also count any network latency before hitting the gateway pod)? Also: do we have similar data for sidecars?
comment from @howardjohn https://github.com/istio/istio.io/pull/11302#discussion_r898212246
Hi @linsun, @howardjohn and thanks for the update.
We will do the following things to clarify the benchmarking numbers in the blogpost:
- [x] 1. We will add a paragraph to the blog to explain that the latency numbers can't be compared to upstream Istio latency numbers due to a) different client tool (k6 vs. fortio), b) different setup (client, gateway and server running on separate nodes) adds network latency and c) each HTTP request creates new TLS handshake.
- [x] 2. We will share the benchmarking script so people can replicate the measurements
- [x] 3. We will re-run the benchmarking with just single node
- [ ] 4. We will work with the fortio and envoy projects to be able to use fortio similar to k6 (new TLS for each HTTP) request. See discussion here.
- [ ] 5. We'll work with the istio upstream to add our measurement scripts and tools to the istio/tools repo.
- We will add a paragraph to the blog to explain that the latency numbers can't be compared to upstream Istio latency numbers due to a) different client tool (k6 vs. fortio), b) different setup (client, gateway and server running on separate nodes) adds network latency and c) each HTTP request creates new TLS handshake.
Submitted a clarification https://github.com/istio/istio.io/pull/11449. Please take a look @poussa @irisdingbj @linsun @howardjohn
Can you run it over localhost? It is a bit misleading to test over WAN since it influences numbers substantially and takes away from the benefits
Yes, we'll do that. It is step number 3 above. Need to get bigger instance (more vCPUs) since everything won't fit into 4 vCPU as we did for the blog post.
Here are the details how we currently run the benchmarking. That is, client (k6), gateway and server (fortio) are all in separate nodes.
@linsun @howardjohn we re-run the numbers on single node cluster (GCP, updates in gist). Not much change in the numbers (need to check why the CryptoMB numbers aren't better).
So I think the summary is that the different tools (k6 vs fortio) produce totally different numbers which can't be compared. Next, we'll dig into that topic.