Manuals / Brands / Computer Equipment / Tablet / IBM / Computer Equipment / Tablet

IBM REDP-4285-00 4.7.6 Performance impact of Netfilter

1 170

Download 170 pages, 4.15 Mb

Chapter 4. Tuning the operating system 133

Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm

4.7.6 Performance impact of Netfilter

As Netfilter provides TCP/IP connection tracking and packet filtering capability (refer to

“Netfilter” on page 29), in certain circumstances it may have a large performance impact. The

impact is clearly visible when the number of connection establishments is high. Figure4-18

and Figure 4-19 show benchmark results with large and small connection establishments

counts. The results clearly illustrate the effect of the Netfilter.

When no Netfilter rule is applied (Figure 4-18), the result shows quite similar performance

characteristics to a benchmark that connection establishment rarely occurs (refer to the left

chart of Figure 4-14 on page 125) while absolute throughput still differs because of

connection establishment overhead.

Figure 4-18 No Netfilter rule applied

However, when filtering rules are applied, relatively inconsistent behavior can been seen

(Figure 4-19).

Figure 4-19 Netfilter rules applied

TCP_CRR benchmark

0

500

1000

1500

2000

2500

3000

3500

4000

4500

1024 2048 4096 8192 16384 32768 65536 131070 262144

remote send socket size

trans rate per sec

1

16

128

1024

1460

4096

16384

32768

65536

131072

Data siz e

(bytes)

TCP_CRR benckmark

0

500

1000

1500

2000

2500

3000

3500

4000

4500

1 16 128 1024 1460 4096 16384 32768 65536 131072

receive data size

tran rate

1024

2048

4096

8192

16384

32768

65536

131070

262144

524288

Socket size

(bytes)

TCP_CRR benchmark

0

500

1000

1500

2000

2500

3000

3500

4000

1024 2048 4096 8192 1638 4 32768 65536 131070 262144

remote send socket size

trans per sec

1

16

128

1024

1460

4096

16384

32768

65536

131072

Data size

(bytes)

TCP_CRR banchmark

0

500

1000

1500

2000

2500

3000

3500

4000

1 16 128 1024 1460 4096 16384 32768 65536 131072

receive data size

trans per sec

1024

2048

4096

8192

16384

32768

65536

131070

262144

524288

Socket size

(bytes)

Contents

Main Page Page Page Contents Page Page Page Notices Trademarks Preface How this Redpaper is structured The team that wrote this Redpaper Become a published author Comments welcome Page operating system Page 1.1 Linux process management 1.1.1 What is a process? 1.1.2 Lifecycle of a process 1.1.3 Thread 1.1.4 Process priority and nice level Process priority 1.1.5 Context switching CPU 1.1.6 Interrupt handling Suspend Resume 1.1.7 Process state Processor Zombie processes 1.1.8 Process memory segments Text Data Stack Process address space 1.1.9 Linux CPU scheduler 4285ch01.fm 10 Figure 1-8 Linux kernel 2.6 O(1) scheduler via scheduler_tick() P active expired array[0] array[1] PP P active expired array[0] array[1] PP Parent Child 1.2 Linux memory architecture 1.2.1 Physical and virtual memory Virtual memory addressing layout 32-bit Architecture 64-bit Architecture User space Kernel space 32-bit Architecture 64-bit Architecture User space Kernel space 1.2.2 Virtual memory manager Page frame allocation Buddy system Page frame reclaiming cache and process address space. The page cache is pages mapped to a file on disk. The swap 1.3 Linux file systems 1.3.1 Virtual file system 1.3.2 Journaling 1. write journal logs write File system Journal area 1.3.3 Ext2 Ext2 1.3.4 Ext3 Mode of journaling 1.3.5 ReiserFS 1.3.6 Journal File System 1.3.7 XFS 1.4 Disk I/O subsystem 1.4.1 I/O subsystem architecture 1.4.2 Cache Memory hierarchy Locality of reference Flushing dirty buffer 1.4.3 Block layer Disk Cache Disk Cache Block sizes 1.4.4 I/O device driver SCSI ips qla2300mptscsih 1.4.5 RAID and Storage system st sr_modsd_modsg scsi_mod Upper level driver Mid level driver Device Process Low level driver 1.5 Network subsystem 1.5.1 Networking implementation Socket buffer TCP/IP IPX Appletalk DEVICE NAPI way NAPI way DEVICE Netfilter Netfilter Connection tracking 1.5.2 TCP/IP Connection establishment Chapter 1. Understanding the Linux operating system 31 Draft Document for Review May 4, 2007 11:35 am 4285ch01.fm Figure 1-27 TCP 3-way handshake Client Server 4285ch01.fm 32 Traffic control TCP/IP transfer window CLOSED LISTEN SYN SENT LAST-ACK ESTAB SYN RCVD 1.5.3 Offload 1.5.4 Bonding module 1.6 Understanding Linux performance metrics 1.6.1 Processor metrics 1.6.2 Memory metrics 1.6.3 Network interface metrics 1.6.4 Block device metrics transfers per second metric in conjunction with the kBytes per second value helps you to Page Page Page 2.1 Introduction 2.2 Overview of tool function 2.3 Monitoring tools 2.3.1 top 2.3.2 vmstat 2.3.3 uptime 2.3.4 ps and pstree Page Thread information 2.3.5 free Memory used in a zone 2.3.6 iostat Page 2.3.7 sar 2.3.8 mpstat 2.3.9 numastat 2.3.10 pmap 2.3.11 netstat 2.3.12 iptraf 2.3.13 tcpdump / ethereal tcpdump ethereal 2.3.14 nmon 2.3.15 strace 2.3.16 Proc file system Page 2.3.17 KDE System Guard Work space System Load Process Table Configuring a work sheet Page 2.3.18 Gnome System Monitor 2.3.19 Capacity Manager Page Page 2.4 Benchmark tools 2.4.1 LMbench 2.4.2 IOzone 2.4.3 netperf Page Page 2.4.4 Other useful tools bottlenecks 3.1 Identifying bottlenecks 3.1.1 Gathering information Page 3.1.2 Analyzing the servers performance 3.2 CPU bottlenecks 3.2.1 Finding CPU bottlenecks 3.2.2 SMP 3.2.3 Performance tuning options 3.3 Memory bottlenecks 3.3.1 Finding memory bottlenecks Paging and swapping indicators 3.3.2 Performance tuning options 3.4 Disk bottlenecks 3.4.1 Finding disk bottlenecks vmstat command iostat command 3.4.2 Performance tuning options 3.5 Network bottlenecks 3.5.1 Finding network bottlenecks Page 3.5.2 Performance tuning options Page Page 4.1 Tuning principals 4.1.1 Change management 4.2 Installation considerations 4.2.1 Installation Page 4.2.2 Check the current configuration dmesg Page ulimit 4.2.3 Minimize resource use Daemons Page Page Page Changing runlevels Limiting local terminals 4.2.4 SELinux SELinux Kernel Process User Request Access Grant Access Grant/Deny Access Based on Policy 4.3 Changing kernel parameters Page Page 4.3.1 Where the parameters are stored 4.3.2 Using the sysctl command 4.4 Tuning the processor subsystem 4.4.1 Tuning process priority 4.4.2 CPU affinity for interrupt handling 4.4.3 Considerations for NUMA systems numactl 4.5 Tuning the vm subsystem 4.5.1 Setting kernel swap and pdflush behavior 4.5.2 Swap partition 4.5.3 HugeTLBfs 4.6 Tuning the disk subsystem 4.6.1 Hardware considerations before installing Linux Number of drives Guidelines for setting up partitions 4.6.2 I/O elevator tuning and selection Selecting the right I/O elevator in kernel 2.6 Page Impact of nr_requests Page Impact of read_ahead_kb 4.6.3 File system selection and tuning Using ionice to assign I/O priority Access time updates Select the journaling mode of the file system Block sizes stripe size of the array (or segment in the case of Fibre Channel). The stripe-unit size is the 4.7 Tuning the network subsystem 4.7.1 Considerations of traffic characteristics 4.7.2 Speed and duplexing 4.7.3 MTU size 4.7.4 Increasing network buffers Tuning window sizes Page Impact of socket buffer size 4.7.5 Additional TCP/IP tuning Tuning IP and ICMP behavior Page Tuning TCP behavior Tuning TCP options Chapter 4. Tuning the operating system 133 Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm Figure 4-19 Netfilter rules applied 4.7.6 Performance impact of Netfilter Figure 4-18 No Netfilter rule applied TCP_CRR benchmark TCP_CRR benckmark TCP_CRR benchmark 4.7.7 Offload configuration Impact of offloading Chapter 4. Tuning the operating system 135 Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm Figure 4-21 Throughput degradation by offloading Figure 4-20 CPU usage improvement by offloading cpu usage improvement - default vs offload off 4.7.8 Increasing the packet queues 4.7.9 Increasing the transmit queue length 4.7.10 Decreasing interrupts Page Page Page 4285ax01.fm 140 Hardware and software configurations Linux installed on guest IBM z/VM systems Linux installed on IBM System x servers Three IBM System x x236 servers were configured as shown in TableA-2. Page Page Abbreviations and acronyms 4285abrv.fm 144 Related publications IBM Redbooks Other publications Online resources Page How to get IBM Redbooks Help from IBM Page Index Symbols Numerics A B E F G H I N O P 4285IX.fm 152 Q R S T U V W X Z Page Page Redpaper Back cover INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION Linux Performance and Tuning Guidelines