Meltdown and Spectre Vulnerabilities
What are these new critical vulnerabilities? "Meltdown" and "Spectre" are vulnerabilities in the way many modern microprocessor designs implement speculative execution of instructions. Independently discovered last June, these vulnerabilities can be exploited by malicious programs to steal sensitive information from personal computers, mobile devices, and even cloud infrastructures where millions of businesses store their customer data profiles. More detailed information can be found at CVE-2017-5715 and CVE-2017-5754 .
Meltdown breaks the most fundamental isolation between user applications and the operating system. Read more.
Spectre breaks the isolation between different applications. Read more.
Over the past week, the ScaleGrid team has run performance tests to determine the impact of the Meltdown CPU kernel patch on our MongoDB servers. In this post, we'll cover the results of the Meltdown tests we ran for each of the three cloud platforms that we support - Amazon AWS, Microsoft Azure and DigitalOcean (DO).
- Insert workload
- Workload A/Balanced workload: 50% Reads, 50% Writes
For more details on the testing methodology, please refer to our post, How to Benchmark MongoDB with YCSB.
Cloud Meltdown Test Summary
AWS Meltdown Tests
We use AWS Amazon linux for all our MongoDB and Redis clusters on AWS. For more details on the patches, refer to the AWS Security Bulletin.
AWS Tests Summary
On average, we're seeing a 4%-5% hit on AWS insert flow and 2-3% hit on the balanced workload. The underlying instance type for this type is an 'HVM type' (hardware virtual machine) - so the expected impact is minimal. With Paravirtual (PV) instance types, the impact will be much larger (closer to what we see and outline with Azure below).
Azure Meltdown Tests
Azure Tests Summary
On average, we're seeing a 10-20% hit in the Azure insert workload and a 20-25% hit in the balanced workload.
DigitalOcean Meltdown Tests
We use CentOS 6 for all our MongoDB clusters on DigitalOcean. Here's where you can find more information on the patches available for your DigitalOcean droplets.
DigitalOcean Tests Summary
We see a 30% hit on insert performance and around 30% hit in the balanced workload.
We're committed to helping our customers keep their MongoDB servers patched and secure from vulnerabilities. To learn more about further protecting your MongoDB cloud deployments, check out our post, The Three A's of MongoDB Security - Authentication, Authorizing & Auditing.
If you have any questions on Meltdown protection for your MongoDB servers, please reach out to us at firstname.lastname@example.org.