[openstack-dev] Concerns about the ballooning size of keystone tokens
Adam Young
ayoung at redhat.com
Wed May 21 15:25:33 UTC 2014
On 05/21/2014 11:09 AM, Chuck Thier wrote:
> There is a review for swift [1] that is requesting to set the max
> header size to 16k to be able to support v3 keystone tokens. That
> might be fine if you measure you request rate in requests per minute,
> but this is continuing to add significant overhead to swift. Even if
> you *only* have 10,000 requests/sec to your swift cluster, an 8k token
> is adding almost 80MB/sec of bandwidth. This will seem to be equally
> bad (if not worse) for services like marconi.
>
> When PKI tokens were first introduced, we raised concerns about the
> unbounded size of of the token in the header, and were told that uuid
> style tokens would still be usable, but all I heard at the summit, was
> to not use them and PKI was the future of all things.
>
> At what point do we re-evaluate the decision to go with pki tokens,
> and that they may not be the best idea for apis like swift and marconi?
Keystone tokens were slightly shrunk at the end of the last release
cycle by removing unnecessary data from each endpoint entry.
Compressed PKI tokens are enroute and will be much smaller.
>
> Thanks,
>
> --
> Chuck
>
> [1] https://review.openstack.org/#/c/93356/
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140521/b4d95d67/attachment.html>
More information about the OpenStack-dev
mailing list