As promised in my initial blog post on this matter, GridGain's performance team applied security patches against the notorious Meltdown Spectre vulnerabilities and completed performance testing of general operations and workloads that are typical for GridGain deployments.
The security patches were applied only for CVE-2017-5754 (Meltdown) and CVE-2017-5753 (Spectre Variant 1) vulnerabilities. The patches for CVE-2017-5715 (Spectre Variant 2) for GridGain's lab hardware are not stable yet an can cause system reboot issues or another unpredictable behavior.
The applied patches have shown that the performance implications are negligible - the performance drop is just in the 0 - 7% range as the figure shows:
Thus, the GridGain performance team highly recommends its customers and partners to consider security patches for CVE-2017-5754 (Meltdown) and CVE-2017-5753 (Spectre Variant 1) in their deployment environments and contact our support team if you run into a larger performance drop in your use case.
At the same time, we're keeping an eye on Intel announcements and will validate the performance implications of Spectre Variant 2 once a solution is released by the hardware vendor.
Just for your reference, the benchmarks were executed in the following environment and configuration.
- 4 servers and 8 client nodes
- GridGain version: GridGain Enterprise/Ultimate Edition 8.4.x, GridGain Professional Edition 2.4.x
- Huawei RH2288 V3, CPU - 2x Xeon E5-2609 v4, 1.7GHz, RAM - 96Gb, SSD - 3x800Gb RAID0 2.4Tb, Network - 10Gb/s
- DEll R610, CPU - 2x Xeon X5570, RAM - 96Gb, SSD - 512Gb, HDD - 2048GB, Network - 10Gb/s
- OS CentOS Linux release 7.4.1708 (Core)
- Kernel - Linux 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64