Crowdsec Benchmark#
This docker stack can be used to benchmark an out-of-the-box crowdsec installation. It contains:
- Traefik reverse proxy
- Configured with Access Logs that Crowdsec can consume
- Wired to serve mendhak/http-https-echo, a simple web server that accepts any paths and echos back the request as JSON
- Crowdsec
- Configured to consume Traefik logs
- With Collections required for parsing those logs and basic web traffic
- k6 load testing tool
- Configured to generate concurrent requests and duration of load using ENVs
- Randomized path (
RANDOMIZE=true) - Randomized User-Agent
- forked goeffel for capturing process activity
Additionally, the bash script bench.sh can be used to orchestrate the load call, monitor the crowdsec process, and create a .png plot of CPU using goeffel.
Usage#
Run Load#
Using bench.sh#
./bench.sh
After the run has finished an image [date]_crowdsec-web-traffic-load-[unix_timestamp].png will be generated in ./data/goeffel directory.
Additional graphs can be plotted from the generated hdf5 file using goeffel-analysis.
Manually#
- Start docker services required to run the load
docker compose up traefik echo crowdsec -d
- Start any monitoring/profiling software for crowdsec
Using the goeffel container EX:
docker compose run --rm --no-TTY goeffel goeffel --pid MY_COOL_PROGRAM_PID
- Run load
docker compose up k6
(Optional) Customize Load with .env#
Use the sample .env.example to create an .env for your scenario.
TARGET= number of concurrent requests to make per secondDURATION= number of seconds to run load (thesat the end is important)RANDOMIZE= randomize url path --trueorfalse
Benchmark Results#
See the bench-results folder for some benchmarks run on my own hardware.