-
Notifications
You must be signed in to change notification settings - Fork 103
Performance
Alexander Krizhanovsky edited this page Apr 2, 2024
·
16 revisions
The chapter describes performance benchmarks, the results itself as well as scenarios to reproduce the results.
- HTTP cache performance
- Tempesta TLS handshakes performance
- HTTP transactions performance under KVM with no vAPIC
Opposite to traditional user-space HTTP proxies like HAproxy or Nginx, Tempesta FW works in kernel space, so it doesn't pay the price for heavyweight prevention of Meltdown and MDS (aka ZombieLoad) Intel vulnerabilities.
The most price for the user-space daemons comes from Kernel page table isolation (KPTI) which degrades Nginx performance up to 20%.
There are no context switches for Tempesta FW, so there is no extra cost to be Metdown and MDS safe.
-
CONFIG_PREEMPT_NONEto eliminate preemtion management overhead. - Switch off debugging facilities, e.g.
CONFIG_DEBUG_KMEMLEAKandCONFIG_KASAN. Check all theCONFIG_DEBUGoptions in your.config.
- Set
/sys/devices/system/cpu/cpuX/cpufreq/scaling_governorfor all CPUs toperformance - Set
processor.max_cstate=0 intel_idle.max_cstate=0for the Linux kernel boot parameters - Disable Turbo Boost, Hyper Threading and Enhanced Intel Speedstep Tech in BIOS
- All the CPUs participating in the workload must be in
isolcpus
- Turn off IRQbalance
- Turn off Network manager
- Brendan Gregg's blog: Linux performance
- Optimizing web servers for high throughput and low latency, Dropbox, 2017.
- Intelpocalypse: goodbye fast system calls
- Benchmarking Methodology for Network Security Device Performance (an RFC draft).
- Linux ACL Performance Analysis
- NVIDIA performance tuning for Mellanox adapters