Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-25986

Substantial increase in response time for quarantined components

    XMLWordPrintable

    Details

    • Notability:
      2

      Description

      Customer upgraded Nexus from Nexus 3.23.0 to 3.28.0 and no other changes have been made, including to IQ server.

      The average response time for the 403 (already quarantined) response seems to have gone up from 0.05-0.1s to 1.6-1.9s.

      The request.log for  Nexus confirms this. The test with call to "/repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz", which already has "quarantineStatus=DENY". So this is not an IQ issue.

      Focusing on 02:15 time, we can see that the requests mostly took 1-5 ms on 26th with Nexus 3.23.0

      X.X.X.185 - - [26/Nov/2020:02:15:10 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2037 4 "Go-http-client/1.1" -

      X.X.X.136 - - [26/Nov/2020:02:15:12 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2037 3 "Go-http-client/1.1" -

      X.X.X.185 - - [26/Nov/2020:02:15:25 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2037 2 "Go-http-client/1.1" -

      X.X.X.136 - - [26/Nov/2020:02:15:27 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2037 2 "Go-http-client/1.1" -

      After upgrade to Nexus 3.28.0, 403 quarantined requests consistently takes around 1500ms

      X.X.X.185 - - [27/Nov/2020:02:15:11 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2197 1561 "Go-http-client/1.1" -

      X.X.X.136 - - [27/Nov/2020:02:15:13 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2197 1358 "Go-http-client/1.1" -

      X.X.X.185 - - [27/Nov/2020:02:15:26 -0500] "GET /repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz HTTP/1.1" 403 2197 1669 "Go-http-client/1.1" -

      This issue is easily reproducible.

      On 3.23.0, avg execution time for 10 iteration is 0.012 and 0.010. 

      [root@node3230 ~]# avg_time 10 curl -sf -o/dev/null "http://localhost:8081/repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz"
      real 0.012000
      user 0.000000
      sys 0.000000
      [root@node3230 ~]# avg_time 10 curl -sf -o/dev/null "http://localhost:8081/repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz"
      real 0.010000
      user 0.000000
      sys 0.000000

      On 3.28.0, 0.033 and 0.030, so nearly 3 times slower. On a heavily used production environment, the impact would be greater.

      [root@node3280 ~]# avg_time 10 curl -sf -o/dev/null "http://localhost:8081/repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz"
      real 0.033000
      user 0.000000
      sys 0.000000
      [root@node3280 ~]# avg_time 10 curl -sf -o/dev/null "http://localhost:8081/repository/pypi-proxy/packages/cvxopt/1.2.0/cvxopt-1.2.0.tar.gz"
      real 0.030000
      user 0.000000
      sys 0.000000

      Test was run on same PC.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            msurani Mahendra Surani
            Last Updated By:
            Joe Tom Joe Tom
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title