Database Firewall and general traditional database security equipment different, it is deployed between the application server and database server. Huge traffic business systems through a database firewall, database firewall any sign of trouble will affect the normal operation of business systems. Before Speed Racer platform rental bbs.yasewl.com ← test database firewall on the market, regardless of the amount of database firewall functions, must solve two basic problems: performance and reliability.
performance
Performance mainly consider two effects: delay and concurrency.
01. Delay
Delay: operational instruction issued from the time elapsed between the returned results.
In general, the vast majority of customers OLTP (online transaction processing) business requirements-second response, the second response contains all business processes, including: client-side processing (such as browser) delays, business network latency, application server processing delay, delay network database, database processing delay. For the firewall, database, application server to handle the increased latency between the database and the database processing delay a firewall processing delays.
Let's look at the case of conventional general OLTP systems, databases, network delay within 1ms general, the majority of database processing delay between 0.1ms-10ms, a small portion will be between 10ms-100ms, rarely appear in more than a few hundred ms delay.
To simplify the description, we database network delay calibration is 1ms, each database in response to the calibration process delay time 2ms, an average of 20 operations per SQL statements that, each time the delay time of 3ms, the response time of each transaction 60ms, can handle 16.8 per pen business. If the firewall database processing delay time of 1ms, each time the processing delay is increased to 4ms, increasing the total processing time is 80ms, can handle 12.5 per pen business.
Let's analyze the three different business scenarios: an exclusive database connection (no database connection pool), database connection pooling and short connection service. Most of C / S applications exclusive database connections, the majority of B / S applications using a database connection pool, the application is very rare short connection, occurs only in very few applications database processing.
Exclusive database connection
Exclusive applications, database connection, the firewall access the database increases in each treatment 1ms, the overall response has been added 20ms, which is increased from 1000ms 1020ms, will not have any impact on service experience under normal circumstances this delay increment.
Database connection pool
Unlike exclusive database connections, a shared database connection pooling units of different business operations. Assuming that the number of database connection pool 200, a redundancy of 20%, can be used in an amount of 160. Obviously, after the introduction of the firewall database, traffic handling capacity from 16.8 * 160 = 2688 / s drop to 12.5 * 160 = 2000 / s, 25.6% decline in throughput. When you need to compare the 2000 Pen / s higher throughput when access database firewall will impact business lines. In this case, you need to increase the number of database connection pool of at least 26%, that is 252, this time the database connection pool of processing power will be restored to the 2688 Pen / s, affect the overall perception of the business is only increased from 1000ms 1020ms, basic can be ignored.
Short connection service
In short connection service, the database connection time consumed in the operational response time. To establish time-consuming in the 120ms-200ms, database firewall every 1ms latency and increase total 20ms delay will not affect the basic operational level in the Oracle database as an example a database connection.
Affect the database in response to treatment
In the above discussion, we assume that the database will not be affected, but in fact will be added to the database firewall database processing impact, the effects equivalent to slowdowns. In general, the impact of the delay caused by the increase mainly time data is locked, which will affect the database concurrency radically.
Our simple update as an example:
update customer set balance=500 where cust_id=10080;
commit;
You can see the lock period cust_id = 10080 in this line increased from 3ms 4ms, lock period increased by 33.3%, this increase will affect lock time database concurrency at a certain time.