_posts/2018-01-30-ignite.markdown - infrastructure-blogs-archive - Git at Google

 ---
 layout: post
 title: Meltdown and Spectre patches show negligible impact to Apache Ignite performance
 date: '2018-01-30T00:00:00+00:00'
 categories: ignite
 ---
 <p>
 As promised in my <a href="https://blogs.apache.org/ignite/entry/protecting-apache-ignite-from-meltdown">initial blog post</a> on this matter, Apache Ignite community applied security patches against the notorious Meltdown Spectre vulnerabilities and completed performance testing of general operations and workloads that are typical for Ignite deployments.
 </p>

 <p>
 The security patches were applied only for <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5754" target="_blank">CVE-2017-5754</a> (Meltdown) and <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5753" target="_blank">CVE-2017-5753</a> (Spectre Variant 1) vulnerabilities. The patches for <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5715" target="_blank">CVE-2017-5715</a> (Spectre Variant 2) for the hardware the community used for testing are not stable yet an can <a href="https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/" target="_blank">cause system reboot issues or another unpredictable behavior</a>.
 </p>

 <p>
 The applied patches have shown that the performance implications are negligible - the performance drop is just in the 0 - 7% range as the figure shows:
 </p>

 <p><img alt="Spectre_and_Meltdown_Benchmarks" src="https://www.gridgain.com/sites/default/files/inline-images/meltdown-benchmarks.png" width="800" height="2040"/></p>

 <p>
 Thus, Apache Ignite community highly recommends its customers and partners to consider security patches for CVE-2017-5754 (Meltdown) and CVE-2017-5753 (Spectre Variant 1) in their deployment environments and contact us on the user list if you run into a larger performance drop in your use case.
 </p>

 <p>
 At the same time, we're keeping an eye on Intel announcements and will validate the performance implications of Spectre Variant 2 once a solution is released by the hardware vendor.
 </p>

 <p>
 Just for your reference, the benchmarks were executed in the following environment and configuration.
 </p>

 <h1>Benchmarking Environment</h1>

 Cluster Configuration:
 <ul>
 <li>4 servers and 8 client nodes</li>
 <li>Apache Ignite version: 2.4.0</li>
 </ul>

 Hardware:
 <ul>
 <li>Huawei RH2288 V3, CPU - 2x Xeon E5-2609 v4, 1.7GHz, RAM - 96Gb, SSD - 3x800Gb RAID0 2.4Tb, Network - 10Gb/s</li>
 <li>DEll R610, CPU - 2x Xeon X5570, RAM - 96Gb, SSD - 512Gb, HDD -  2048GB, Network - 10Gb/s</li>
 </ul>

 Operating System:
 <ul>
 <li>OS CentOS Linux release 7.4.1708 (Core)</li>
 <li>Kernel - Linux 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64</li>
 </ul>
	---
	layout: post
	title: Meltdown and Spectre patches show negligible impact to Apache Ignite performance
	date: '2018-01-30T00:00:00+00:00'
	categories: ignite
	---
	<p>
	As promised in my <a href="https://blogs.apache.org/ignite/entry/protecting-apache-ignite-from-meltdown">initial blog post</a> on this matter, Apache Ignite community applied security patches against the notorious Meltdown Spectre vulnerabilities and completed performance testing of general operations and workloads that are typical for Ignite deployments.
	</p>

	<p>
	The security patches were applied only for <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5754" target="_blank">CVE-2017-5754</a> (Meltdown) and <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5753" target="_blank">CVE-2017-5753</a> (Spectre Variant 1) vulnerabilities. The patches for <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5715" target="_blank">CVE-2017-5715</a> (Spectre Variant 2) for the hardware the community used for testing are not stable yet an can <a href="https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/" target="_blank">cause system reboot issues or another unpredictable behavior</a>.
	</p>

	<p>
	The applied patches have shown that the performance implications are negligible - the performance drop is just in the 0 - 7% range as the figure shows:
	</p>

	<p><img alt="Spectre_and_Meltdown_Benchmarks" src="https://www.gridgain.com/sites/default/files/inline-images/meltdown-benchmarks.png" width="800" height="2040"/></p>

	<p>
	Thus, Apache Ignite community highly recommends its customers and partners to consider security patches for CVE-2017-5754 (Meltdown) and CVE-2017-5753 (Spectre Variant 1) in their deployment environments and contact us on the user list if you run into a larger performance drop in your use case.
	</p>

	<p>
	At the same time, we're keeping an eye on Intel announcements and will validate the performance implications of Spectre Variant 2 once a solution is released by the hardware vendor.
	</p>

	<p>
	Just for your reference, the benchmarks were executed in the following environment and configuration.
	</p>

	<h1>Benchmarking Environment</h1>

	Cluster Configuration:
	<ul>
	<li>4 servers and 8 client nodes</li>
	<li>Apache Ignite version: 2.4.0</li>
	</ul>

	Hardware:
	<ul>
	<li>Huawei RH2288 V3, CPU - 2x Xeon E5-2609 v4, 1.7GHz, RAM - 96Gb, SSD - 3x800Gb RAID0 2.4Tb, Network - 10Gb/s</li>
	<li>DEll R610, CPU - 2x Xeon X5570, RAM - 96Gb, SSD - 512Gb, HDD - 2048GB, Network - 10Gb/s</li>
	</ul>

	Operating System:
	<ul>
	<li>OS CentOS Linux release 7.4.1708 (Core)</li>
	<li>Kernel - Linux 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64</li>
	</ul>