Zum Hauptinhalt springen

Leistungsoptimierung

When applied in a production environment with millions of users or permissions, you may encounter a performance downgrade in Casbin enforcement. There are usually two causes:

Hoher Lautstärkeverkehr

The number of incoming requests per second is too large, for example, 10,000 requests/s for a single Casbin instance. In such cases, a single Casbin instance is usually not enough to handle all the requests. There are two possible solutions:

  1. Verwenden Sie Multithreading um mehrere Casbin-Instanzen zu aktivieren, so dass Sie alle Kerne des Computers vollständig nutzen können. For more details, see: Multi-threading.

  2. Deploy Casbin instances to a cluster (multiple machines) and use Watcher to ensure all Casbin instances are consistent. For more details, see: Watchers.

note

You can use both of the above methods at the same time, for example, deploy Casbin to a 10-machine cluster where each machine has 5 threads simultaneously serving Casbin enforcement requests.

Hohe Anzahl an Regeln für Richtlinien

In a cloud or multi-tenant environment, millions of policy rules may be required. Each enforcement call or even loading the policy rules at the initial time can be very slow. Derartige Fälle können in der Regel auf verschiedene Weise gemildert werden:

  1. Check if your Casbin model or policy is well-designed. A well-written model and policy abstracts out the duplicated logic for each user/tenant and reduces the number of rules to a very small level (< 100). For example, you can share some default rules across all tenants and allow users to customize their rules later. Customized rules can override the default rules. If you have any further questions, please open a GitHub issue on the Casbin repository.

  2. Do sharding to let a Casbin enforcer only load a small set of policy rules. For example, enforcer_0 can serve tenant_0 to tenant_99, while enforcer_1 can serve tenant_100 to tenant_199. To load only a subset of all policy rules, see: Policy Subset Loading.

  3. Erteilen Sie RBAC Rollen anstelle von Benutzern direkt Rechte. Casbin's RBAC wird durch einen Rollenvererbungsbaum (als Cache) implementiert. So, given a user like Alice, Casbin only takes O(1) time to query the RBAC tree for the role-user relationship and perform enforcement. If your g rules don't change often, then the RBAC tree won't need to be constantly updated. See the details of this discussion here: https://github.com/casbin/casbin/issues/681#issuecomment-763801583

note

You can try all of the above methods at the same time.