Meltdown and Spectre Vulnerabilities
What are these new critical vulnerabilities? "Meltdown" and "Spectre" are vulnerabilities in the way many modern microprocessor designs implement speculative execution of instructions. Independently discovered last June, these vulnerabilities can be exploited by malicious programs to steal sensitive information from personal computers, mobile devices, and even cloud infrastructures where millions of businesses store their customer data profiles. More detailed information can be found at CVE-2017-5715 and CVE-2017-5754 .
-
Meltdown
Meltdown breaks the most fundamental isolation between user applications and the operating system. Read more.
-
Spectre
Spectre breaks the isolation between different applications. Read more.
Over the past week, the ScaleGrid team has run performance tests to determine the impact of the Meltdown CPU kernel patch on our MongoDB servers. In this post, we'll cover the results of the Meltdown tests we ran for each of the three cloud platforms that we support - Amazon AWS, Microsoft Azure and DigitalOcean (DO).
Test Rig
We used Yahoo! Cloud Serving Benchmark (YCSB) to run these tests, and run against our 'Large' instance type - typically with around 8GB of RAM. Here are the two primarily we ran:
- Insert workload
- Workload A/Balanced workload: 50% Reads, 50% Writes
For more details on the testing methodology, please refer to our post, How to Benchmark MongoDB with YCSB.
Cloud Meltdown Test Summary
|
---|
AWS Meltdown Tests
We use AWS Amazon linux for all our MongoDB and Redis clusters on AWS. For more details on the patches, refer to the AWS Security Bulletin.
AWS Tests SummaryOn average, we're seeing a 4%-5% hit on AWS insert flow and 2-3% hit on the balanced workload. The underlying instance type for this type is an 'HVM type' (hardware virtual machine) - so the expected impact is minimal. With Paravirtual (PV) instance types, the impact will be much larger (closer to what we see and outline with Azure below). |
---|
Azure Meltdown Tests
We use CentOS 6 for all our MongoDB clusters on Azure. Here's where you can find more information about the Azure patches and the Microsoft Windows patches.
Azure Tests SummaryOn average, we're seeing a 10-20% hit in the Azure insert workload and a 20-25% hit in the balanced workload. |
---|
DigitalOcean Meltdown Tests
We use CentOS 6 for all our MongoDB clusters on DigitalOcean. Here's where you can find more information on the patches available for your DigitalOcean droplets.
DigitalOcean Tests SummaryWe see a 30% hit on insert performance and around 30% hit in the balanced workload. |
---|
We're committed to helping our customers keep their MongoDB servers patched and secure from vulnerabilities. To learn more about further protecting your MongoDB cloud deployments, check out our post, The Three A's of MongoDB Security - Authentication, Authorizing & Auditing.
If you have any questions on Meltdown protection for your MongoDB servers, please reach out to us at support@scalegrid.io.
Top comments (0)