Re: SYN floods and LVS-NAT CPU Load

To: Fabrice <fabrice@xxxxxxxxxx>
Subject: Re: SYN floods and LVS-NAT CPU Load
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 10 Dec 2001 19:53:54 +0200 (EET)

On Mon, 10 Dec 2001, Fabrice wrote:

> Hello,
> I made some tests and have some questions (2.4.16 + LVS 0.9.7, ipvsadm 1.20).
> Syn Floods:
> ===========
> I was testing my LVS-NAT system against SYN floods with Julian's testlvs
> program.
> At the paragraph 12.14 from the LVS-HOWTO, they are talking about sending
> 80'000 or 110'000 SYN per second over a 100 Mbps Ethernet network.
>       Julian's setup: "My tests show that I can't see a visible difference. We
>       are talking about 110,000 SYN packets/sec with 10 pseudo clients and same
>       cpu idle during the tests (there is not enough client power in my setup
>       for full test), 2 CPUx 866MHz, 2 100mbit internal i82557/i82558 NICs,
>       switched hub".
> I thought that FastEthernet was limited to about 8000 packets per second.
> How is it possible,


        Now check with 60-byte SYN packets. Then with X-byte UDP packets
where X is your average packet size.

> even with 2 NICs, to reach 110'000 SYN packets per second? Is the testlvs
> program run directly on the LVS box?

        No, many client hosts running testlvs. One 600MHz maybe can
generate 40-50K packets/sec. Run it on 2-3 client hosts. The RS only
drops after accounting.

> How to bypass this limitation? Gigabit Ethernet cards/network?


> =================
> I saw many times that the LVS-NAT requires a lot more computing power than
> DR and TUN, but my Pentium 166 / 60MB RAM director seems to be able to
> handle quite some traffic.
> I couldn't test at 100Mbps (because I have only 2 P166 Real Servers) but
> the load, even during the "testlvs" load, was only going up to about 10%
> (System/Kernel load).

        This load is difficult to measure. You can run the following
commands in 2 different terminals on the director, at the same time:

1> vmstat 1
2> vmstat 10

        If they show a big difference, then you are near the limits.

> Radu-Adrian's mail (about Tiscali's LVS) was saying that they measured the
> load and came to a "formula" that looked like this (For PIII @ 866MHz):
>       CPU_Load[%] = 0.92 * Traffic[Mbps]

        I'm not sure CPU_Load is a valid parameter. Maybe only if you
have one process eating your CPU while the packets interrupt it.

> So for my 25Mbps traffic, that would mean a load of 23% for a PIII @
> 866MHz, I let you convert that for a P166 :)
> Were they using a 2.2 kernel, and is there such a difference in performance
> between 2.2 and 2.4 kernels?

        IIRC, I saw 10% difference between 2.2 and 2.4

> In the LVS-HOWTO, at the same paragraph as above (12.14), Julian says that
> TUN and NAT overhead is negligible?

        I still think so. Updating the ip hdr checksums by reading
5 longs is not a big deal. But someone can prove it with busy director
flooded from testlvs. Maybe TUN is different. Of course, the tests
on fast CPU with gigabit are interesting too. The same is for slow
director with 100mbit. They are the ideal setups to compare the different
methods, i.e. when the director is near its limits. When the output
traffic becomes lower than the incoming then we reached the limit.

        Note that for NAT we don't talk about the in->out traffic,
we compare the out->in direction for all forwarding methods.

> Thanks a lot for your answers :)
> Fabrice Bucher


Julian Anastasov <ja@xxxxxx>
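
The "5 longs" in the reply above are the five 32-bit words of an option-less 20-byte IPv4 header. The following is an added example, not code from this message or from LVS: it recomputes the header checksum that way after a NAT-style destination rewrite and shows that a stale checksum no longer validates. The header bytes, the addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: option-less IPv4 header of a 40-byte TCP SYN, checksum zero. */
static const uint8_t SAMPLE[20] = {
    0x45, 0x00, 0x00, 0x28, 0x12, 0x34, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 10, 198, 51, 100, 1      /* 192.0.2.10 -> 198.51.100.1 */
};

/* One's-complement sum of the 20-byte header read as five 32-bit words. */
static uint16_t iph_sum(const uint8_t *h)
{
    uint64_t sum = 0;
    for (int i = 0; i < 5; i++, h += 4)
        sum += (uint32_t)h[0] << 24 | (uint32_t)h[1] << 16 | (uint32_t)h[2] << 8 | h[3];
    while (sum >> 16)                       /* fold the carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full recompute: zero the field (bytes 10-11), sum, store the complement. */
static uint16_t iph_set_check(uint8_t *h)
{
    h[10] = h[11] = 0;
    uint16_t c = (uint16_t)~iph_sum(h);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)(c & 0xff);
    return c;
}

/* Valid when the sum over the header, checksum included, is 0xffff. */
static int iph_valid(const uint8_t *h) { return iph_sum(h) == 0xffff; }

/* NAT-style destination rewrite (bytes 16-19); fix == 0 keeps the stale checksum. */
static int nat_rewrite(uint8_t *h, const uint8_t daddr[4], int fix)
{
    memcpy(h + 16, daddr, 4);
    if (fix) iph_set_check(h);
    return iph_valid(h);
}

int main(void)
{
    uint8_t h[20], rs[4] = {10, 0, 0, 2};   /* rs: hypothetical real server */
    memcpy(h, SAMPLE, sizeof h);
    printf("original checksum %04x\n", iph_set_check(h));
    printf("rewritten, stale checksum valid: %d\n", nat_rewrite(h, rs, 0));
    printf("rewritten, recomputed valid:     %d\n", nat_rewrite(h, rs, 1));
    return 0;
}
```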
