-
Notifications
You must be signed in to change notification settings - Fork 127
Open
Description
If we look at the current architecture, we have a near-optimal (in performance) design for the goal of "mTLS encrypt all traffic". However, there is some remaining gaps around the overhead of HTTP2 in our path. This issue tracks minimizing that.
To understand the overhead, I compared HBONE vs plain TLS (with ztunnel code still). Results:
Throughput (1 con): HBONE actually wins here. Likely due to some buffer sizing, though not exactly sure the details. plain TLS performance is directly related to how close to 16k the buffer is sized.
Throughput (>1 con): plain TLS dominates due to #1174
Latency: HBONE is about 12% slower here
Metadata
Metadata
Assignees
Labels
No labels