Network pipes

Luigi Rizzo rizzo at icir.org
Thu Jul 24 02:14:30 PDT 2003 

hi,    
i have the following questions:

* strange benchmark results! Given the description, I would expect 
  the "|@ rsh" and "|@ ssh" cases to give the same throughput, and
  in any case "| rsh" to be faster than "| ssh". How comes, instead,
  that the times differ by an order of magnitude ? Can you run the
  tests in similar conditions to appreciate the gains better ?

* I do not understand how can you remove the pipe in the remote host
  without modifying there both "sshd" and "sh" ?
  I think it would be very important to understand how much
  |@ depends on the behaviour of the remote daemon.

* the loss of encription on the channel is certainly something that might
  escape the attention of the user. I also wonder in how many cases you
  really need the extra performance to justify the extra plumbing
  mechanism.

* there are subtle implications of your new plumbing in the way
  processes are started. With "A | B | C" the shell first creates the
  pipes, then it can start the processes in any order, and they can
  individually fail to start without any direct consequence other
  than an I/O failure. "A |@ B |@ C" requires that you start things
  from the end of the chain (because you cannot start a process 
  until you have a [socket] descriptor from the next stage in the
  chain), and if a process fails to start you cannot even start the
  next one in the sequence. Not that this is bad, just very different
  from regular pipes.

All the above leaves me a bit puzzled on whether or not this is a
useful addition... In fact, i am not convinced that network pipes
should be implemented in the shell...
 
        cheers
        luigi

On Thu, Jul 24, 2003 at 11:19:49AM +0300, Diomidis Spinellis wrote:
> I am currently testing a set of modifications to /bin/sh that allow a
> user to create a pipeline over the network using a socket as its
> endpoints.  Currently a command like
> 
> tar cvf - / | ssh remotehost dd of=/dev/st0 bs=32k
> 
> has tar sending each block through a pipe to a local ssh process, ssh
> communicating through a socket with a remote ssh daemon and dd
> communicating with sshd through a pipe again.  The changed shell allows
> you to write
> 
> tar cvf - / |@ ssh remotehost -- dd of=/dev/st0 bs=32k | :
> 
> The effect of the above command is that a socket is created between the
> local and the remote host with the standard output of tar and the
> standard input of dd redirected to that socket.  Authentication is still
> performed using ssh (or any other remote login mechanism you specify
> before the -- argument), but the flow between the two processes is from
> then on not protected in terms of integrity and privacy.  Thus the
> method will mostly be useful within the context of a LAN or a VPN.
> 
> The authentication design requires the users to have a special command
> in their path on the remote host, but does not require an additional
> privileged server or the reservation of special ports.
> 
> By eliminating two processes, the associated context switches, the data
> copying, and (in the case of ssh) encryption performance is markedly
> improved:
> 
> dd if=/dev/zero bs=4k count=8192 | ssh remotehost -- dd of=/dev/null
> 33554432 bytes transferred in 17.118648 secs (1960110 bytes/sec)
> dd if=/dev/zero bs=4k count=8192 |@ ssh remotehost -- dd of=/dev/null |
> :
> 33554432 bytes transferred in  4.452980 secs (7535276 bytes/sec)
> 
> Even eliminating the encryption overhead by using rsh you can still see 
> 
> dd if=/dev/zero bs=4k count=8192 | rsh remotehost -- dd of=/dev/null
> 33554432 bytes transferred in 131.907130 secs (254379 bytes/sec)
> dd if=/dev/zero bs=4k count=8192 |@ rsh remotehost -- dd of=/dev/null |
> :
> 33554432 bytes transferred in 86.545385 secs (387709 bytes/sec)
> 
> My questions are:
> 
> 1. How do you feel about integrating these changes to the /bin/sh in
> -CURRENT?  Note that network pipes are a different process plumbing
> mechanism, so they really do belong to a shell; implementing them
> through a separate command would be inelegant.
> 
> 2. Do you see any problems with the new syntax introduced?
> 
> 3. After the remote process starts running standard error output is
> lost.  Do find this a significant problem?
> 
> 4. Both sides of the remote process are communication endpoints and have
> to be connected to other local processes via pipes.  Would it be enough
> to document this behaviour or should it be hidden from the user by means
> of forked read/write processes?
> 
> Diomidis - http://www.spinellis.gr
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"

More information about the freebsd-hackers mailing list