Comments (3)

elasticsearchmachine commented on July 20, 2024

Pinging @elastic/es-security (Team:Security)

from elasticsearch.

albertzaharovits commented on July 20, 2024

@howardhuanghua Thank you for raising this issue.
In order to investigate this further can you please share the details of the setup you've been using?
Details such as ES configuration and deployment details and details on the load generator.

howardhuanghua commented on July 20, 2024

Hi @albertzaharovits, we can reproduce this with a lower-pressure load test by adding some wrong-password auth requests.

  1. Create a 3-node ES cluster with x-pack security enabled in 8.11.

     xpack.security.authc.reserved_realm.enabled: false
     xpack.security.enabled: true
     xpack.security.transport.ssl.enabled: true
     xpack.security.transport.ssl.keystore.path: certs/ces-certificates.p12
     xpack.security.transport.ssl.truststore.path: certs/ces-certificates.p12
     xpack.security.transport.ssl.verification_mode: certificate

     Single node with 4 cores and 16GB memory, JVM heap 8GB.

  2. Start two bulk pressure test processors. The first one uses the right auth info, the second one uses a wrong password.

The first test processor ran with single-thread concurrency for 5 mins; result metrics:

Requests/sec:           2.01
Request Traffic/sec:    3.64MB
Total Transfer/sec:     7.65MB
Avg Req Time:           498.33887ms
Fastest Request:        263.07976ms
Slowest Request:        657.623901ms
Number of Errors:       0
Number of Invalid:      0
Status 200:             602

[Estimated Server Metrics]
Requests/sec:           2.36
Transfer/sec:           9.01MB
Avg Req Time:           423.049417ms

The second test processor ran with two-thread concurrency for 5 mins; result metrics:

Requests/sec:           11.39
Request Traffic/sec:    20.68MB
Total Transfer/sec:     20.68MB
Avg Req Time:           87.770626ms
Fastest Request:        78.9918ms
Slowest Request:        249.787704ms
Number of Errors:       0
Number of Invalid:      0
Status 401:             3418

[Estimated Server Metrics]
Requests/sec:           20.75
Transfer/sec:           37.67MB
Avg Req Time:           96.373208ms

It's easy to reproduce in a lower-pressure load test with wrong auth requests.

In a production environment, some security attacks can severely impact the performance of an ES server if there are a large number of incorrect password requests.