LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] NFCT and PMTU

To: lvs@xxxxxxxxxx
Subject: Re: [lvs-users] NFCT and PMTU
Cc: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 11 Sep 2012 02:18:30 +0300 (EEST)
        Hello,

On Mon, 10 Sep 2012, lvs@xxxxxxxxxx wrote:

> I will give this a go tomorrow. I just need to find a client on a network 
> with a <1500 byte MTU! I guess I will have to make one.

        I remember that I test forwarding of ICMP from
client to real server by adding REJECT rule in client box,
for example:

test_client# iptables -I INPUT -p tcp -s VIP --sport 80 -j REJECT

        It will reject the SYN-ACK packet.

        The default message is port-unreachable but it
does not matter, tcpdump will show if message is
correctly forwarded to real server.

> Under CentOS 3 (traditional interrupts) with SMP affinity set to all cores 
> (or rather half the cores for the external NIC and half for internal NIC) 
> load scaled linearly until it fell off a cliff and load hit 100% and more 
> generated traffic resulted in no more throughput (lots of Xoffs). I also 
> have some old data showing NFCT improving performance on CentOS 3.

        So, keeping netfilter conntracks (conntrack=1) uses
less CPU cycles than creating conntracks with every
packet (conntrack=0). I hope you have large nf_conntrack_max
value for the conntrack=1 case.

> Looking at my monitoring graphs for one director when I flipped conntrack 
> from 1 to 0 overall traffic in the peak hour stayed at 1.4Gb while softirq 
> load on the busiest core rose from around 43% to around 62%. Average 
> sotirq load across all cores rose from 27% to 40%. I realise these figures 
> don't tie up with those higher up, but this is a different director with a 
> different mix of services. I have another with no email doing 1.1Gb of 
> traffic and only 15% softirq on the busiest core. Email is expensive to 
> process!

Regards

--
Julian Anastasov <ja@xxxxxx>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>