I started thinking about hashing algorithms in general and how resource intensive they are when used in iRules. Also, I’ve been a little jealous of Colin, Joe, & George and their creative use cases for the Google Charts API, so for the first entry of the New Year I thought I’d indulge myself with a little geekery.
Several hashing algorithms are available for use on the LTM. First link is some background on each of the algorithms (or family of algorithms as is the case with SHA2) and the second link is the DevCentral wiki page for the algorithm’s use in iRules.
It might be of worth to note that the crc32 algorithm differs from the rest in that it is checksum function, whereas the rest of them are cryptographic functions. Checksum functions are primarily used for error detection and cryptographic functions primarily in security applications, but both of them can be used in the ordinary tasks of load balancing as well. There are pros/cons to resource utilization and distribution characteristics. I’ll just take a look at resources in this tech tip, but I’ll revisit distribution in the hash load balancing update I mentioned earlier. To give you an idea of the various digest/block sizes and the resulting output, see the table below. Note that the message in all cases is "DevCentral 2011."
Note: Data above actually generated from python zlib and hashlib libraries on Ubuntu 9.04. Just a representative look at the differences in hashing algorithms.
The code is below. Note that the iRule expects a path of /hashcalc and a query (which it uses as the source of the hash computation). If you wanted to pass the number of computations to the iRule in the query, that would be a very small modification.
I made sure each hashing algorithm ran enough times to plot out some meaningful numbers, settling in on 50k calculations, passing the iRules command in through the forearch loop and appending the calctime variable with the algorithm and milliseconds required to run the calculations.
The numbers, courtesy of HTTP::respond and a Google Charts bar graph:
You can see that md5 takes more than twice the time as crc32 to compute the hash, that md5/sha1 are relatively even before stepping to sha256 and then finally to sha384/sha512, which are then roughly twice md5/sha1.
It was a fun investment to look at how the numbers played out between the hashing algorithms. Note that I ran this on a 3600 platform, your mileage may vary on different hardware (or in VE). If you run this, post your numbers back, I’d be curious to see the variance in platform and TMOS version.