[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
- Subject: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
- From: george.herbert at gmail.com (George Herbert)
- Date: Fri, 1 Nov 2013 15:36:25 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]> <[email protected]> <CAEd1pt41P8_Ny6sxjob3roMubwpowqgUoN4f=sVjuk6pL6iGFQ@mail.gmail.com> <[email protected]>
On Fri, Nov 1, 2013 at 3:26 PM, Niels Bakker <niels=nanog at bakker.net> wrote:
> * mikal at stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>
> Its about the CPU cost of the crypto. I was once told the number of CPUs
>> required to do SSL on web search (which I have now forgotten) and it was a
>> bigger number than you'd expect -- certainly hundreds.
>>
>
> False: https://www.imperialviolet.**org/2010/06/25/overclocking-**ssl.html<https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html>
>
> "On our production frontend machines, SSL/TLS accounts for less than 1% of
> the CPU load, less than 10KB of memory per connection and less than 2% of
> network overhead. Many people believe that SSL takes a lot of CPU time and
> we hope the above numbers (public for the first time) will help to dispel
> that."
That was *front end* SSL/TLS - not internal / back end SSL/TLS.
One could assert that the per-activity SSL/TLS overhead might be the same
for internal services accessed to answer a front-end request, but that's
not necessarily true. The code/request ratios and external/internal
SSL/TLS startup costs are going to vary wildly from service to service.
--
-george william herbert
george.herbert at gmail.com