filters/auth: use sync.Map for tokeninfo cache #3267
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
AlexanderYastrebov
commented
Oct 9, 2024
AlexanderYastrebov
commented
- use sync.Map for tokeninfo cache to avoid synchronizing all callers on a single mutex
- evict stale entries periodically instead of least recently used
- store token expiration time instead of creation time
AlexanderYastrebov
added
the
major
AlexanderYastrebov
force-pushed
the
filters/auth/tokeninfocache-syncmap
branch
from
67cd561 to
813bf2a
Compare
| info: info, | ||
| href: c.history.PushFront(token), | ||
| func (c *tokeninfoCache) evictLoop() { | ||
| ticker := time.NewTicker(time.Minute) |
There was a problem hiding this comment.
Does it make sense this time.Minute configurable at the next PR?
There was a problem hiding this comment.
I am not sure which other value would be good.
| mu sync.Mutex | ||
| cache map[string]*entry | ||
| // least recently used token at the end | ||
| history *list.List |
There was a problem hiding this comment.
I see you would like to keep tokeninfo filter lock-free, that is why you are thinking about not keeping history any more.
However, there is a data structure which acts like a list and has lock-free implementations (at least in theory). https://en.wikipedia.org/wiki/Skip_list
Do you think it makes sense to try to obtain this data structure to have lock-free history access and not evict random items?
There was a problem hiding this comment.
It was used to evict oldest entries when cache grows over the limit.
This change simplifies this by simply removing random items if number of cached items is over the size limit.
It also adds a metric for monitoring.
In production setup one should have cache size set large enough such that entries are never evicted due to overflow. This way there is no need to complicate eviction algorithm, keep access history or use clever datastructures.
MustafaSaber
reviewed
Oct 9, 2024
szuecs
reviewed
Oct 9, 2024
szuecs
reviewed
Oct 9, 2024
AlexanderYastrebov
force-pushed
the
filters/auth/tokeninfocache-syncmap
branch
from
813bf2a to
818dd4d
Compare
AlexanderYastrebov
force-pushed
the
filters/auth/tokeninfocache-syncmap
branch
from
818dd4d to
c429f5e
Compare
szuecs
reviewed
Jan 5, 2025
* use sync.Map for tokeninfo cache to avoid synchronizing all callers
on a single mutex
* evict stale entries periodically instead of least recently used
* store token expiration time instead of creation time
```
│ master │ HEAD │
│ sec/op │ sec/op vs base │
TokeninfoCache/tokens=1,cacheSize=1,p=0-8 275.5n ± 6% 170.1n ± 4% -38.26% (p=0.000 n=10)
TokeninfoCache/tokens=2,cacheSize=2,p=0-8 492.9n ± 21% 176.8n ± 2% -64.12% (p=0.000 n=10)
TokeninfoCache/tokens=100,cacheSize=100,p=0-8 455.9n ± 7% 165.5n ± 1% -63.70% (p=0.000 n=10)
TokeninfoCache/tokens=100,cacheSize=100,p=10000-8 593.4n ± 4% 179.8n ± 4% -69.71% (p=0.000 n=10)
TokeninfoCache/tokens=4,cacheSize=2,p=0-8 2571424.0n ± 0% 149.7n ± 3% -99.99% (p=0.000 n=10)
TokeninfoCache/tokens=100,cacheSize=10,p=0-8 2579227.5n ± 0% 139.3n ± 1% -99.99% (p=0.000 n=10)
geomean 7.903µ 162.9n -97.94%
│ master │ HEAD │
│ B/op │ B/op vs base │
TokeninfoCache/tokens=1,cacheSize=1,p=0-8 344.0 ± 0% 344.0 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=2,cacheSize=2,p=0-8 344.0 ± 0% 344.0 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=100,cacheSize=100,p=0-8 344.0 ± 0% 344.0 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=100,cacheSize=100,p=10000-8 368.0 ± 1% 350.0 ± 0% -4.89% (p=0.000 n=10)
TokeninfoCache/tokens=4,cacheSize=2,p=0-8 27.00 ± 0% 344.00 ± 0% +1174.07% (p=0.000 n=10)
TokeninfoCache/tokens=100,cacheSize=10,p=0-8 27.00 ± 7% 344.00 ± 0% +1174.07% (p=0.000 n=10)
geomean 149.0 345.0 +131.62%
¹ all samples are equal
│ master │ HEAD │
│ allocs/op │ allocs/op vs base │
TokeninfoCache/tokens=1,cacheSize=1,p=0-8 3.000 ± 0% 3.000 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=2,cacheSize=2,p=0-8 3.000 ± 0% 3.000 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=100,cacheSize=100,p=0-8 3.000 ± 0% 3.000 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=100,cacheSize=100,p=10000-8 3.000 ± 0% 3.000 ± 0% ~ (p=1.000 n=10) ¹
TokeninfoCache/tokens=4,cacheSize=2,p=0-8 0.000 ± 0% 3.000 ± 0% ? (p=0.000 n=10)
TokeninfoCache/tokens=100,cacheSize=10,p=0-8 0.000 ± 0% 3.000 ± 0% ? (p=0.000 n=10)
geomean ² 3.000 ?
¹ all samples are equal
² summaries must be >0 to compute geomean
```
Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
AlexanderYastrebov
force-pushed
the
filters/auth/tokeninfocache-syncmap
branch
from
c429f5e to
294eaa7
Compare
|
👍 |
1 similar comment
|
👍 |
This was referenced Jan 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.