Performance Impact of OAuthV2 Policy


We're doing some performance testing / debugging at the moment on our Apigee on-premises install.

We're using:

- A mock backend that responds very quickly

- A plain proxy without any policies

- Multiple machines generating load via jmeter

We've seen:

-> plain proxy that just routes requests - ~5000 TPS

-> after adding an OAuthV2 policy with operation = VerifyAccessToken - ~600 TPS

Is that kind of performance impact expected when using this policy?


adas
New Member

@Daniel Kift I would need a few details from you before we look into this. The following are the things we would need:

- version of Apigee on-premise installer

- topology of your Apigee Edge installation

- hardware configuration of your machines

- the sample proxy bundle with your VerifyAccessToken policy

- are you calling VerifyAccessToken with the same access token or different ones? How many such tokens are you using in your test?

You might think some of these questions do not really matter because the same installation type, hardware and network configuration gave you 5000 TPS for the pass-through scenario. The VerifyAccessToken policy involves calls to Cassandra datastores to verify the access token, so it involves some heavy operations compared to the pass-through scenario, which does not invoke any other components. So the installed topology and hardware configurations would matter.

Also @Daniel Kift - Apigee has introduced caching into the VerifyAccessToken policy, to avoid the lookup in Cassandra. If you have an older version of Edge, you can do the same, explicitly, using PopulateCache and LookupCache policies around the VerifyAccessToken.
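Added example (not from any poster in this thread, and not Apigee's implementation): a small Python model of the cache-around-verification pattern described above, showing the two properties that matter for security when token verification is cached: the entry must never outlive the token, and the cache TTL is the window in which a revoked token is still accepted. `TokenStore`, `CachedVerifier` and the 30-second `max_ttl` are assumptions made for illustration.

```python
import hashlib
import time

class TokenStore:
    """Stand-in for the authoritative (slow) token lookup; constructed for this example."""
    def __init__(self):
        self.tokens = {}    # token -> expiry (epoch seconds)
        self.lookups = 0    # number of backend round trips

    def verify(self, token, now):
        self.lookups += 1
        exp = self.tokens.get(token)
        return exp if exp is not None and exp > now else None

class CachedVerifier:
    """Cache-aside wrapper: only successful verifications are cached."""
    def __init__(self, store, max_ttl=30):
        self.store = store
        self.max_ttl = max_ttl   # assumed cap; this is the revocation lag you accept
        self.cache = {}          # sha256(token) -> time until which the entry is trusted

    @staticmethod
    def _key(token):
        # Key on a digest so raw bearer tokens are not held as cache keys.
        return hashlib.sha256(token.encode()).hexdigest()

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        key = self._key(token)
        until = self.cache.get(key)
        if until is not None and until > now:
            return True                      # cache hit, no backend call
        self.cache.pop(key, None)
        exp = self.store.verify(token, now)
        if exp is None:
            return False                     # failures are never cached
        # Never trust an entry past the token's own expiry.
        self.cache[key] = min(exp, now + self.max_ttl)
        return True

    def revoke(self, token):
        # Revocation has to evict the cache entry as well as the stored token.
        self.store.tokens.pop(token, None)
        self.cache.pop(self._key(token), None)
```

A token deleted only in the backing store keeps verifying until its cached entry lapses, so the TTL should be chosen as the longest revocation delay that is acceptable.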

Hi Dino, I'll try that out. Out of interest, do you know which version the token caching was added in?

I'm sorry, I don't know the precise version of OPDK in which the caching was introduced. Perhaps @arghya das can clarify that.

Hi Arghya,

Here's some more information:

Apigee Version - 4.15.07.00

(Partial) topology -

- 4 message-processor/router nodes - 2 in each datacenter

- 6 cassandra nodes - 3 in each datacenter, with 5 zookeeper instances running.

The policy (the rest of the proxy is empty)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="true" enabled="true" name="VerifyOAuthTokenAccount">
    <DisplayName>VerifyOAuthTokenAccount</DisplayName>
    <Properties/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>VerifyAccessToken</Operation>
    <Tokens/>
</OAuthV2>

Is there any specific hardware config you'd be interested in?