Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
02-26-2014, 12:20 PM | #1
Member
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo, FreeBSD
Posts: 176
Rep:
Linux bridge performance/throughput
I suddenly ran into network throughput problems on our servers. The servers act as KVM hypervisors and use bridges to create several local networks. Each bridge is connected to a VLAN interface (the inter-server network), which in turn sits on top of two bonded NICs.
The network diagram is attached as a picture (the forum software somehow breaks ASCII diagrams between CODE tags).
Bridge throughput (measured with iperf) fluctuates between 40 and 300 Mbit/s on the hypervisor with the highest load, and between 400 and 600 Mbit/s on a hypervisor with almost no load at all (2 idle virtual servers). This hurts every application that uses the database (running on a separate virtual server). At first I thought something was wrong with bond0, since everything ultimately depends on the physical NICs, but it makes no difference whether the bridge is connected to the VLAN or disconnected. STP is enabled.
I guess there must be some theoretical maximum throughput based on CPU usage, network traffic, etc., but given that the hypervisors have 24 CPUs and the virtual servers aren't under significant load most of the time, I can't figure out what went wrong.
A few details about the hypervisor:
Gentoo Linux with custom compiled kernel 3.7.5-hardened (I can provide kernel config if needed)
bridge-utils 1.4
Is there anything I can do to debug this further?
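For completeness, this is roughly how I'm inspecting the setup and measuring throughput (br0/bond0 are the names from my setup; the iperf server address below is just a placeholder):
Code:
# bridge membership and STP state
brctl show

# bonding mode, slave state and link failure counters
cat /proc/net/bonding/bond0

# throughput test: iperf -s on the receiving side, then e.g.
iperf -c 10.0.0.1 -t 30 -i 5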
Last edited by yenn; 02-27-2014 at 10:10 AM.
02-27-2014, 10:34 AM | #2
Member
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178
Rep:
Looking at the diagram, you don't need STP; try turning it off. We never use it on our Xen servers.
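Turning it off is a one-liner with brctl, something along these lines (assuming your bridge is named br0); it can be switched back on the same way if you ever add a redundant link:
Code:
# disable spanning tree on the bridge and check the result
brctl stp br0 off
brctl show br0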
03-04-2014, 01:12 PM | #3
Member
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo, FreeBSD
Posts: 176
Original Poster
Rep:
Thanks for the suggestion, but it didn't change anything. I'll try a newer kernel and report back.
03-14-2014, 04:51 PM | #4
Member
Registered: Oct 2007
Location: BC, Canada
Distribution: Fedora, Debian
Posts: 210
Rep:
If you are using Ethernet bridging in Linux together with bridge netfilter (i.e. firewalling on the bridge), expect a severe loss of throughput. For example, on a 10/100 Mbit link expect at most about 30 Mbit/s with 1400-byte frames, and even less with 128-byte frames, unless you have spent a lot of time on in-driver/kernel performance optimizations.
P.S. Tuning the NIC interrupt coalescing values will help a lot with the interrupt load and keep the system responsive. The netfilter bridge code, however, simply needs a lot of work.
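As a rough sketch of what I mean by coalescing tuning (eth0 stands in for whichever physical NIC carries the traffic, and the value is only illustrative, not a recommendation):
Code:
# show the driver's current interrupt coalescing settings
ethtool -c eth0

# raise the rx coalescing delay to cut the interrupt rate
ethtool -C eth0 rx-usecs 100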
03-26-2014, 10:00 AM | #5
Member
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo, FreeBSD
Posts: 176
Original Poster
Rep:
Quote:
Originally Posted by Lantzvillian
If you are using Ethernet bridging in Linux together with bridge netfilter (i.e. firewalling on the bridge), expect a severe loss of throughput. For example, on a 10/100 Mbit link expect at most about 30 Mbit/s with 1400-byte frames, and even less with 128-byte frames, unless you have spent a lot of time on in-driver/kernel performance optimizations.
Do you mean ebtables? I use packet filtering with iptables, with rules like:
Code:
iptables -A INPUT -i br0 [...]
By the way, bridge performance increased slightly with a newer kernel (3.9.9-hardened), along with more stable throughput values, but it's still much less than I would expect.
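One thing I still want to check is whether bridged frames are actually being pushed through iptables at all; as far as I can tell that is controlled by the bridge-nf sysctls (a sketch, assuming the sysctl names of mainline kernels):
Code:
# if these report 1, bridged frames are passed to iptables/ip6tables/arptables
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
sysctl net.bridge.bridge-nf-call-arptables

# setting them to 0 takes netfilter out of the bridge path entirely
sysctl -w net.bridge.bridge-nf-call-iptables=0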
Last edited by yenn; 03-28-2014 at 04:52 PM.
Reason: typo
03-27-2014, 02:04 PM | #6
Member
Registered: Oct 2007
Location: BC, Canada
Distribution: Fedora, Debian
Posts: 210
Rep:
Yes, ebtables is one part of the bad performance. I assume you have already compiled all debugging out of the kernel and set branch prediction and SLUB vs. SLAB allocation appropriately; if you haven't, don't expect a serious performance change.
Interrupt handling is another factor. We have been doing some profiling ourselves, but it's not looking good for us. NIC drivers are also a large part of this (at least on Linux; I can't speak for your VM). Did you tweak the ethtool settings, etc.?
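For example, something along these lines (eth0 stands in for your bonded NICs, and the ring sizes are only illustrative, limited by whatever the driver supports):
Code:
# offload settings (GRO/GSO/TSO/checksumming)
ethtool -k eth0

# ring buffer sizes; -G enlarges them if the hardware allows it
ethtool -g eth0
ethtool -G eth0 rx 4096 tx 4096

# per-NIC statistics, useful for spotting drops and errors
ethtool -S eth0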
03-28-2014, 04:52 PM | #7
Member
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo, FreeBSD
Posts: 176
Original Poster
Rep:
Quote:
Originally Posted by Lantzvillian
Yes, ebtables is one part of the bad performance. I assume you have already compiled all debugging out of the kernel and set branch prediction and SLUB vs. SLAB allocation appropriately; if you haven't, don't expect a serious performance change.
If I use iptables rules on bridge interfaces, does that mean I'm using ebtables indirectly? I really can't tell right now.
Quote:
Originally Posted by Lantzvillian
Interrupt handling is another factor. We have been doing some profiling ourselves, but it's not looking good for us. NIC drivers are also a large part of this (at least on Linux; I can't speak for your VM). Did you tweak the ethtool settings, etc.?
Actually, I believe the main problem might be in the Linux kernel bonding, because several people have told me that Linux bonding really doesn't work well, and as far as I know it can cause some really strange problems, like an almost unusable iSCSI connection to a certain HP disk array.
I haven't tweaked the NIC settings with ethtool or debugged it extensively, because I don't have much experience with debugging networking on Linux, and the only other thing I can think of is tuning TCP in the kernel, which strikes me as a last resort. Right now I'm trying Open vSwitch instead (see http://www.linuxquestions.org/questi...an-4175499820/), as someone recommended it to me, even for bonding.
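For the record, this is roughly what I plan to compare: the current kernel bond against an Open vSwitch bridge with its own bond (ovsbr0/ovsbond0/eth0/eth1 are placeholder names, and LACP assumes the switch side supports it):
Code:
# current kernel bond: mode, slave state, link failure counters
cat /proc/net/bonding/bond0

# rough Open vSwitch equivalent of the bridge + bond setup
ovs-vsctl add-br ovsbr0
ovs-vsctl add-bond ovsbr0 ovsbond0 eth0 eth1
ovs-vsctl set port ovsbond0 lacp=active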
Last edited by yenn; 03-28-2014 at 04:54 PM.