Cut the HBONE overhead #1476

@howardjohn

If we look at the current architecture, we have a near-optimal (in performance) design for the goal of "mTLS encrypt all traffic". However, there are some remaining gaps around the overhead of HTTP2 in our path. This issue tracks minimizing that.

To understand the overhead, I compared HBONE vs plain TLS (with ztunnel code still). Results:

Throughput (1 con): HBONE actually wins here. Likely due to some buffer sizing, though not exactly sure of the details. Plain TLS performance is directly related to how close to 16k the buffer is sized.
Throughput (>1 con): plain TLS dominates due to #1174
Latency: HBONE is about 12% slower here
