-
Notifications
You must be signed in to change notification settings - Fork 12.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Cache token to improve performance 缓存Token来提高接口的性能 #9906
Labels
kind/discussion
Category issues related to discussion
Comments
实测鉴权tps可以到9000,大约5倍提升,个人觉得方案可行 |
前几天不是有PR和ISSUE对这块进行重构了吗? 研究过那个了吗? |
研究和讨论过,跟cache缓存的方案不冲突 |
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 7, 2023
5 tasks
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 8, 2023
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 8, 2023
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 8, 2023
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 8, 2023
MajorHe1
added a commit
to MajorHe1/nacos
that referenced
this issue
Feb 8, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ISSUE #9859 从token生成的角度来优化服务端的性能表现,取得了一定的效果,但是token的验证依然是非常耗时的。
在实际使用的场景中,默认 auth.enable = true 开启鉴权,客户端携带token访问服务端的查询接口(无论是配置发现还是服务发现),在服务端 4C8G的配置下,实测QPS都在两千上下。如果关闭鉴权,QPS在一万三左右。
鉴权这一块最主要的耗时是要验证token的合法性,需要解析token。
现在有一个简单的设想,如果把token缓存起来,直接内存字符串比对而不是解析,是不是就能大幅提升性能了?
实测,直接内存字符串比对,同等配置QPS接近关闭鉴权的效果。
并且,缓存token的方案,我们在生产上已经稳定运行了超过一年的时间。
跟@hujun-w-2 大佬对方案进行过简单的讨论和review,现在考虑发起社区讨论是否将这个能力提交给社区。
实现方案简述:
代码实现简述:
1、新增CachedJwtTokenManager 和 DelegateTokenManager
2、配置文件新增 nacos.core.auth.plugin.nacos.token.cache.enable字段开关,默认关。
3、原生NacosAuthManager中的tokenManager 的bean改成DelegateTokenManager
4、在DelegateTokenManager中进行cache开关判断。如果不开启,走原始的JwtTokenManager逻辑。如果开启,走CachedJwtTokenManager 逻辑。
方案缺陷:
缓存Token一定会带来额外的内存开销
请大家看一下这个方案是否有实现的必要,或者需要改进的地方,谢谢。
The text was updated successfully, but these errors were encountered: