1

Xin WangXin Wang

Internet Real -Time LaboratoryInternet Real -Time Laboratory

Columbia University

(Joint work with Henning Schulzrinne, Dilip Kandlur, and Dinesh Verma) http://www.cs.columbia.edu/~xinwanghttp://www.cs.columbia.edu/~xinwang

2

• Introduction to LDAP Introduction to LDAP • MotivationMotivation• BackgroundBackground• Experimental SetupExperimental Setup• Test MethodologyTest Methodology• Result AnalysisResult Analysis• Related Work Related Work • ConclusionConclusion

OutlineOutline

3

• Directory ServiceDirectory Service– A simplified database, primarily for high volume efficient A simplified database, primarily for high volume efficient

reads; no database mechanisms to support roll-back of reads; no database mechanisms to support roll-back of transactions transactions

• LDAP: Lightweight Directory Access Protocol LDAP: Lightweight Directory Access Protocol – A distributed client-server model over TCP/IPA distributed client-server model over TCP/IP– Can access stand-alone directory servers or X.500 Can access stand-alone directory servers or X.500

directoriesdirectories

What is LDAP?What is LDAP?

4

• Wide use of LDAPWide use of LDAP– personnel databases for administration, tracking personnel databases for administration, tracking

schedules, address translation for IP telephony, schedules, address translation for IP telephony, storage of network configuration, etc.storage of network configuration, etc.

• Performance ofPerformance of LDAP?LDAP?– relatively static data, caching to improve performance relatively static data, caching to improve performance – Can LDAP be used in a dynamic environment with Can LDAP be used in a dynamic environment with

frequent searches?frequent searches?

MotivationMotivation

5

Background: LDAP StructureBackground: LDAP Structure

• Tree structure: entry, attributes, valuesTree structure: entry, attributes, values• Operations: add, delete, modify, compare, and Operations: add, delete, modify, compare, and

search.search.

6

Background (cont’d.)Background (cont’d.)

• LDAPLDAP for for SLSSLS AdministrationAdministration– A better than best effort service, e.g., int-serv, diff-serv, A better than best effort service, e.g., int-serv, diff-serv,

requires a service level specification (SLS) between the requires a service level specification (SLS) between the network and customernetwork and customer

– SLS specifies type of service, user traffic constraints, SLS specifies type of service, user traffic constraints, quality expected, etc. May be dynamically negotiatedquality expected, etc. May be dynamically negotiated

– LDAP directory contains: SLS, policy rules, network LDAP directory contains: SLS, policy rules, network provisioning informationprovisioning information

7

LDAP Structure for SLS ManagementLDAP Structure for SLS Management

– Management tools are used to populate and maintain Management tools are used to populate and maintain LDAP directoryLDAP directory

– Decision entities download classification rules, service Decision entities download classification rules, service specifications, and poll directory periodically.specifications, and poll directory periodically.

– Enforcement entities query rules from the decision entities Enforcement entities query rules from the decision entities and enforce themand enforce them

8

LDAP Tree Structure in the ExperimentsLDAP Tree Structure in the Experiments

9

Experimental SetupExperimental Setup• Hardware: Hardware:

– Server: dual Ultra-2 processors, 200 MHz CPUs, 256 MB Server: dual Ultra-2 processors, 200 MHz CPUs, 256 MB main memory; server was bound to one of the CPUs.main memory; server was bound to one of the CPUs.

– Clients: Ultra1, 170 MHz CPU, 128 MB main memoryClients: Ultra1, 170 MHz CPU, 128 MB main memory– 10 Mb/s Ethernet10 Mb/s Ethernet

• LDAP server:LDAP server:– OpenLDAP 1.2, Berkeley DB 2.4.14OpenLDAP 1.2, Berkeley DB 2.4.14– Stand -alone LDAP daemon (slapd) : front end handling Stand -alone LDAP daemon (slapd) : front end handling

communication with LDAP clients, and backend handling communication with LDAP clients, and backend handling database operations.database operations.

– LDBM backend: a high performance disk-based databaseLDBM backend: a high performance disk-based database– cachesizecachesize: size in entries of in-memory cache; variable size: size in entries of in-memory cache; variable size– dbcachesizedbcachesize: size in bytes of the in-memory cache : size in bytes of the in-memory cache

associated with each open index file; 10 MBassociated with each open index file; 10 MB

10

Experimental Setup (cont’d)Experimental Setup (cont’d)

• LDAP ClientLDAP Client

11

• Search is likely to dominate the server operations, Search is likely to dominate the server operations, mainly test mainly test searchsearch performance for downloading performance for downloading policy rulespolicy rules

• Search filter: interface address, and corresponding Search filter: interface address, and corresponding policy object policy object

• Default parameters: Default parameters: – Directory size: 10,000 entriesDirectory size: 10,000 entries– Entry size: 488 bytes Entry size: 488 bytes

• Search operation steps:Search operation steps:– ldap_open, ldap_bind, ldap_search, ldap_unbindldap_open, ldap_bind, ldap_search, ldap_unbind

Test MethodologyTest Methodology

12

Search SequencesSearch Sequences

13

Performance Measures and ObjectivesPerformance Measures and Objectives

• Latencies:Latencies:– Connect: ldap_open + ldap_bindConnect: ldap_open + ldap_bind– Processing: ldap_search + result transmissionProcessing: ldap_search + result transmission– Response: ldap_open -> ldap_unbind Response: ldap_open -> ldap_unbind

(~connect+processing)(~connect+processing)

• Server throughput: requests served per secondServer throughput: requests served per second• Objectives: use latencies and throughput to evaluateObjectives: use latencies and throughput to evaluate

– Overall LDAP performance Overall LDAP performance – Effect of individual system components on performanceEffect of individual system components on performance– System scalability and performance limitsSystem scalability and performance limits– Performance under update loadPerformance under update load– Measures to improve system performanceMeasures to improve system performance

14

Overall PerformanceOverall Performance

Average connection time, Average connection time, processing time, and response processing time, and response timetime

Average server throughputAverage server throughput

15

Components of LDAP Search LatencyComponents of LDAP Search Latency

Client Server

16

Components of LDAP Connect LatencyComponents of LDAP Connect Latency

17

Effect of Nagle AlgorithmEffect of Nagle Algorithm

Average server throughputAverage server throughputAverage server connection , Average server connection , processing, and response timeprocessing, and response time

18

Effect of Caching EntriesEffect of Caching Entries

Average server throughputAverage server throughputAverage connection, processing , Average connection, processing , and response time with 10,000 entry and response time with 10,000 entry cache and without cachecache and without cache

19

Single vs. Dual ProcessorSingle vs. Dual Processor

Average server throughputAverage server throughputAverage server connection, Average server connection, processing, and response timeprocessing, and response time

20

Single vs. Dual Processor (cont’d)Single vs. Dual Processor (cont’d)

Read and write throughputRead and write throughput

21

Scaling of Directory SizeScaling of Directory Size

Average server throughput Average server throughput Average connection and processing Average connection and processing time time

a)10,000 entries in DB, 10,000 in cache; b) 50,000 DB, 50,000 cache; a)10,000 entries in DB, 10,000 in cache; b) 50,000 DB, 50,000 cache; c)100,000 DB, 50,000 cachec)100,000 DB, 50,000 cache

22

Scaling of Directory Entry Size (in-memory)Scaling of Directory Entry Size (in-memory)

Average server throughputAverage server throughputAverage connection and Average connection and processing timeprocessing time

(488 bytes vs. 4880 bytes)(488 bytes vs. 4880 bytes)

23

Scaling of Directory Entry Size (out-of-memory)Scaling of Directory Entry Size (out-of-memory)

Average server throughputAverage server throughputAverage server connection time Average server connection time and processing timeand processing time

(488 bytes vs. 4880 bytes)(488 bytes vs. 4880 bytes)

24

Connection ReuseConnection Reuse

Average server throughputAverage server throughputAverage server processing timeAverage server processing time

(no reuse, 25 % reuse, 50% reuse, 75% reuse, 100% reuse)(no reuse, 25 % reuse, 50% reuse, 75% reuse, 100% reuse)

25

Latency and Throughput for Search and AddLatency and Throughput for Search and Add

Average server throughputAverage server throughputAverage server connect, Average server connect, processing, and response timeprocessing, and response time

26

Related WorkRelated Work

• MindcraftMindcraft– Netscape Directory Server 3.0 (NSD3), Netscape Netscape Directory Server 3.0 (NSD3), Netscape

Directory Server 1.0 (NSD1), Novell LDAP services Directory Server 1.0 (NSD1), Novell LDAP services (NDS)(NDS)

– 10,000 entry personnel DB10,000 entry personnel DB– Pentium Pro 200 MHz, 512 MB RAMPentium Pro 200 MHz, 512 MB RAM– All experiments are in memoryAll experiments are in memory– ThroughputThroughput

• NSD3: 183 requests/secondNSD3: 183 requests/second• NSD1: 38.4 requests/secondNSD1: 38.4 requests/second• NDS: 0.8 requests/secondNDS: 0.8 requests/second• CPU is found to be the bottleneckCPU is found to be the bottleneck

27

ConclusionConclusion

• General Results:General Results:– response latency 8 ms up to 105 requests/second response latency 8 ms up to 105 requests/second – Maximum throughput 140 requests/second Maximum throughput 140 requests/second – 5 ms processing latency - 36% from backend, 64% from 5 ms processing latency - 36% from backend, 64% from

front endfront end– Connect time dominates at high load, and limits the Connect time dominates at high load, and limits the

throughput throughput

• Disabling Nagle Algorithm reduces latency about 50 Disabling Nagle Algorithm reduces latency about 50 msms

• Entry Caching:Entry Caching:– for 10,000 entry directory, caching all entries gives 40% for 10,000 entry directory, caching all entries gives 40%

improvement in processing time, 25% improvement in improvement in processing time, 25% improvement in throughputthroughput

28

Conclusion (cont’d)Conclusion (cont’d)

• Scaling with Directory Size - determined by Scaling with Directory Size - determined by back-end processingback-end processing– In memory operation, 10,000 -> 50,000: processing In memory operation, 10,000 -> 50,000: processing

time increases 60%, throughput reduces 21%.time increases 60%, throughput reduces 21%.– Out-of-memory, 50,000 ->100,000: processing time Out-of-memory, 50,000 ->100,000: processing time

increases another 87%, and throughput reduces 23%. increases another 87%, and throughput reduces 23%.

• Scaling with Entry Size (488 ->4880 bytes):Scaling with Entry Size (488 ->4880 bytes):– In-memory, mainly increase in front-end processing, In-memory, mainly increase in front-end processing,

i.e., time for ASN.1 encoding . Processing time i.e., time for ASN.1 encoding . Processing time increases 8 ms, 88% due to ASN.1 encoding, and increases 8 ms, 88% due to ASN.1 encoding, and throughput reduces 30%. throughput reduces 30%.

– Out-of-memory, throughput reduces 70%, mainly due Out-of-memory, throughput reduces 70%, mainly due to increased data transfer time. to increased data transfer time.

29

Conclusion (cont’d)Conclusion (cont’d)

• CPU: CPU: – During in-memory operation, dual processors improve During in-memory operation, dual processors improve

performance by 40%.performance by 40%.

• Connection Re-use:Connection Re-use:– 60% performance gain when connection left open. 60% performance gain when connection left open.