With the recent security vulnerabilities discovered — Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) — Redis Labs’ engineering, devops and support teams have been working hard to make sure our cloud services, Redis Cloud (RC) and Redis Cloud Private (RCP), are protected.
As of now, all our RC and RCP clusters on AWS, Azure, GCP and IBM Cloud have been patched by our cloud partners against Meltdown. In addition, some cloud vendors have already managed to mitigate Spectre’s branch target injection variant (CVE-2017-5715).
Redis Pack customers:
- Customers who use Redis Pack on the public clouds mentioned above (and deployed Redis Pack on dedicated instances without sharing other applications on the same instances) can rely on the hypervisor security patch. An isolated Redis or Redis Enterprise instance cannot be affected by Meltdown or Spectre when Redis modules are disabled or when using Redis Labs’ certified modules.
- Customers who use Redis Pack on-premises should deploy the Kernel Page Table Isolation (KPTI) patch. We are still waiting for the formal patch release from all major distributions (such as Amazon Linux, Red Hat Enterprise Linux, and Ubuntu), and will make additional recommendations available in the coming days.
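For the on-premises case above, one way to confirm after patching that the kernel reports the Meltdown and Spectre mitigations as active. This is an added example, not Redis Labs' code; it assumes a Linux kernel that exposes the `/sys/devices/system/cpu/vulnerabilities/` status files (an interface not mentioned on this page), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on a Linux host.
# Assumption: the kernel exposes the sysfs directory below; hosts without it
# are reported as "unknown" rather than as safe.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE
# Prints one of: mitigated, vulnerable, not_affected, unknown.
classify_status() {
    if [ ! -r "$1" ]; then
        echo unknown
        return 0
    fi
    status=$(head -n 1 "$1")
    case "$status" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [DIR]
# Prints one line per CVE named in this post. Returns 1 if any entry is
# vulnerable or unknown, so it can gate a deployment or monitoring check.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in "meltdown:CVE-2017-5754" "spectre_v1:CVE-2017-5753" \
                "spectre_v2:CVE-2017-5715"; do
        name=${pair%%:*}
        cve=${pair#*:}
        result=$(classify_status "$dir/$name")
        detail=$(head -n 1 "$dir/$name" 2>/dev/null || true)
        printf '%-14s %-12s %s\n' "$cve" "$result" "${detail:-no sysfs entry}"
        case "$result" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Check the running host only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

A host that prints `unknown` for every entry is most likely running a kernel that predates the status files and should be treated as unpatched until verified another way.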
Redis Labs’ engineering team has run a series of tests to measure the effect of the patch on the performance of our cloud services. We found that the patch has a negligible impact on our Redis Cloud Private service, between 2.5% and 5%, whereas the impact on our Redis Cloud service is in the range of 5% to 30%, with minor outliers, depending on the cluster instance types and cloud infrastructure. Our initial tests were performed on our Redis on RAM product, and we plan to extend these to our Redis on Flash product in the coming days and weeks.
Customers who feel affected by these patches can contact our support team (firstname.lastname@example.org) for further help. We have successfully mitigated performance issues for several customers during the last few days.
Snippets from our RCP tests:
We tested a 3-node RCP cluster on AWS. Here is what we found:
Before the Meltdown fix:
After the Meltdown fix:
We observed a negligible impact on throughput (2.5%-5%) and almost no effect on latency.
| Test parameter | Value |
|---|---|
| Cluster instance type | m4.16xlarge |
| Number of nodes in the cluster | 3 |
| Number of master shards | 60 |
| Number of items | 10M |
| Load generation tool | memtier_benchmark |
| memtier_benchmark instance type | c4.8xlarge |
| Number of memtier_benchmark instances | 3 |
The Redis Labs Team