Performance analysis

The network topology looks like this:
HTTP client ------- APISIX ------- HTTP server
The HTTP client and APISIX are running on the same host, the HTTP server uses the httpbin package. Coraza runs inside a WebAssembly virtual machine via Proxy-Wasm.

APISIX hardware information looks like this:
Memory: 32GB
CPU: Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz

The config looks like this, has 669 rules:
"Include @owasp_rules_conf/modconf1.conf",
"SecDebugLogLevel 2",
"SecRuleEngine detectiononly",
......

The test command looks like this:
wrk -t2 -c10 -d60s --latency http://x.x.x.x/status/200

Performance test data looks like this:
<img width="1226" height="202" alt="Image" src="https://github.com/user-attachments/assets/60760362-905b-4f27-9d01-ec8bceb94ffd" />

After enabling the security rules, the performance drops to 1/10 of the original level, which is a severe performance degradation
(1376.39 * 100%) / 356.15 / 40% = 9.66

The Flame Graph looks like this:
<img width="1502" height="813" alt="Image" src="https://github.com/user-attachments/assets/47fd632a-ac1f-4c68-b76d-a496a6bf6193" />

Based on the flame graph analysis, wasmtime_setjmp accounts for 72.49%, indicating a large amount of context switching between the host and the virtual machine. How can this be optimized?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Performance analysis #1499

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Performance analysis #1499

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions