Ebipụtala ntuziaka zuru ezu na imegharị gburugburu Linux iji nweta arụmọrụ kachasị maka nhazi arịrịọ HTTP. Ụzọ ndị a tụrụ aro mere ka o kwe omume ịbawanye arụmọrụ nke JSON processor dabere na ọbá akwụkwọ na-agụ akwụkwọ na Amazon EC2 gburugburu (4 vCPU) site na arịrịọ API 224 puku kwa nkeji na ntọala ọkọlọtọ nke Amazon Linux 2 na kernel 4.14 ruo 1.2 nde arịrịọ kwa nkeji. nke abụọ mgbe njikarịcha (mmụba nke 436%), ma meekwa ka mbelata nke igbu oge na arịrịọ nhazi site na 79%. Ụzọ ndị a tụrụ aro abụghị kpọmkwem maka onye na-agụ akwụkwọ ma na-arụ ọrụ mgbe ị na-eji sava http ndị ọzọ, gụnyere nginx, Actix, Netty na Node.js (a na-eji onye na-eme ihe na-eme ihe na ule n'ihi na ngwọta dabere na ya gosipụtara arụmọrụ ka mma).
Nkwalite ntọala:
- Na-ebuli koodu ndị na-agụ akwụkwọ. Ejiri nhọrọ R18 sitere na ngwa Techempower mee ihe dị ka ntọala, nke emelitere site na iwepu koodu iji belata ọnụ ọgụgụ nke cores CPU eji (njikarịcha kwere ka ọ rụọ ọrụ ngwa ngwa site na 25-27%), na-agbakọta na GCC na nhọrọ "-O3". (mmụba nke 5-10%) na "-march-native" (5-10%), dochie oku ịgụ/ dee oku na recv/zipu (5-10%) na ibelata elu mgbe ị na-eji pthreads (2-3%) . Mmụba arụmọrụ n'ozuzu ka emechara koodu njikarịcha bụ 55%, na ntinye sitere na 224k req/s ruo 347k req/s.
- Gbanyụọ nchebe megide adịghị ike igbu ntule. Iji paramita “nospectre_v1 nospectre_v2 pti = gbanyụọ mds = gbanyụọ tsx_async_abort = gbanyụọ” mgbe ị na-ebunye kernel kwere ka iwelie arụmọrụ site na 28%, yana ntinye abawanye site na 347k req/s ruo 446k req/s. N'iche iche, mmụba site na oke "nospectre_v1" (nchedo si Specter v1 + SWAPGS) bụ 1-2%, "nospectre_v2" (nchebe site na Specter v2) - 15-20%, "pti = gbanyụọ" (Spectre v3 / Meltdown) - 6 %, "mds = gbanyụọ tsx_async_abort = gbanyụọ" (MDS/Zombieload na TSX Asynchronous Abort) - 6%. Ntọala maka nchebe megide L1TF / Foreshadow (l1tf = flush), iTLB multihit, Speculative Store Bypass na ọgụ SRBDS ka agbanweghị, nke na-emetụtaghị arụmọrụ ebe ọ bụ na ha ejikọtaghị na nhazi a nwalere (dịka ọmụmaatụ, kpọmkwem na KVM, akwu). virtualization na ụdị CPU ndị ọzọ).
- Ịkwụsị usoro nyocha na usoro ịkpọchi sistemu site na iji iwu "auditctl -a never,task" na ịkọwapụta "--security-opt seccomp=unconfined" nhọrọ mgbe ịmalite akpa docker. Mmụba arụmọrụ n'ozuzu ya bụ 11%, na ntinye sitere na 446k req/s ruo 495k req/s.
- Gbanyụọ iptables/netfilter site na ibutu modul kernel emetụtara. Echiche iji gbanyụọ firewall, nke ejighị ya na ngwọta nkesa kpọmkwem, kpaliri ya site na ịkọwapụta nsonaazụ, na-ekpe ikpe nke nf_hook_slow ọrụ were 18% nke oge iji mezuo. Achọpụtara na nftables na-arụ ọrụ nke ọma karịa iptables, mana Amazon Linux na-aga n'ihu na-eji iptables. Mgbe emechara iptables, mmụba arụmọrụ bụ 22%, na ntinye sitere na 495k req/s wee ruo 603k req/s.
- Mbelata mbugharị nke ndị njikwa n'etiti cores CPU dị iche iche iji melite arụmọrụ nke iji cache processor. Emere nkwalite ya ma n'ogo nke ijikọ usoro ndị na-agụ akwụkwọ na cores CPU (CPU Pinning) yana site na ndị na-ahụ maka netwọkụ kernel pinning (Nata Scaling Side). Dịka ọmụmaatụ, enweghị nkwarụ na irqbalance wee debe njikọ kwụ n'ahịrị na CPU n'ụzọ doro anya na /proc/irq/$IRQ/smp_affinity_list. Iji jiri otu isi CPU ahụ hazie usoro ntọhapụ yana kwụ n'ahịrị netwọkụ nke ngwugwu na-abata, a na-eji onye njikwa BPF omenala, jikọọ site na ịtọ ọkọlọtọ SO_ATTACH_REUSEPORT_CBPF mgbe ị na-eke oghere. Iji kee ahịrị nke ngwugwu na-apụ apụ na CPU, agbanweela ntọala / sys/class/net/eth0/queues/tx- /xps_cpus. Mmụba arụmọrụ n'ozuzu ya bụ 38%, na ntinye sitere na 603k req/s ruo 834k req/s.
- Ịkwalite njikwa nkwụsịtụ na iji ntuli aka. Na-eme ka ọnọdụ adaptive-rx dị na onye ọkwọ ụgbọ ala ENA na ijikwa sysctl net.core.busy_read mụbara arụmọrụ site na 28% (site na 834k req/s gbagoro na 1.06M req/s, na nkwụsịtụ na-ebelata site na 361μs ruo 292μs).
- Ịkwụsị ọrụ sistemụ na-eduga na nkwụsị na-enweghị isi na nchịkọta netwọk. Ịkwụsị dhclient na iji aka tinye adreesị IP butere mmụba arụmọrụ 6% yana mmepụta mụbara site na 1.06M req/s ruo 1.12M req/s. Ihe kpatara dhclient na-emetụta arụmọrụ bụ na nyocha okporo ụzọ na-eji oghere raw.
- Mkpọchi na-alụ ọgụ. Ịtụgharị nchịkọta netwọk na ọnọdụ "noqueue" site na sysctl "net.core.default_qdisc=noqueue" na "tc qdisc dochie dev eth0 root mq" mere ka mmụba arụmọrụ 2% pụta, na ntinye sitere na 1.12M req/s ruo 1.15M. req/s.
- Nkwalite obere ikpeazụ, dị ka iwepu GRO (Generic Receive Offload) na iwu “ethtool -K eth0 gro off” yana dochie algọridim njikwa cubic congestion na reno iji sysctl “net.ipv4.tcp_congestion_control=reno”. Mmụba nrụpụta n'ozuzu ya bụ 4%. Nbudata sitere na 1.15M req/s ruo 1.2M req/s.
Na mgbakwunye na njikarịcha ndị na-arụ ọrụ, isiokwu ahụ na-atụlekwa ụzọ ndị na-edugaghị n'ịbawanye arụmọrụ a na-atụ anya ya. Dịka ọmụmaatụ, ihe ndị a tụgharịrị ghara ịdị irè:
- Na-agba ọsọ liberactor iche iche adịghị iche na arụmọrụ na-agba ya na akpa. Dochie writev na izipu, na-abawanye maxevents na epoll_wait, na ịnwale ụdị GCC na ọkọlọtọ enweghị mmetụta (mmetụta a pụtara naanị maka ọkọlọtọ “-O3” na “-march-native”).
- Ịkwalite kernel Linux gaa na ụdị 4.19 na 5.4, na-eji SCHED_FIFO na SCHED_RR nhazi oge, na-emegharị sysctl kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, transparent_hugepages= _source not = skew
- N'ime onye ọkwọ ụgbọ ala ENA, na-eme ka ụdịdị Offload (nkewa, ikposa-gather, rx/tx checksum), na-eji ọkọlọtọ “-O3” wuo, yana iji ena.rx_queue_size na ena.force_large_llq_header parameters enweghị mmetụta.
- Mgbanwe na nchịkọta netwọk emebeghị ka arụmọrụ ya dịkwuo mma:
- Gbanyụọ IPv6: ipv6.disable=1
- Gbanyụọ VLAN: modprobe -rv 8021q
- Gbanyụọ nlele isi iyi ngwugwu
- net.ipv4.conf.all.rp_filter=0
- net.ipv4.conf.eth0.rp_filter=0
- net.ipv4.conf.all.accept_local=1 (mmetụta adịghị mma)
- net.ipv4.tcp_sack = 0
- net.ipv4.tcp_dsack=0
- net.ipv4.tcp_mem/tcp_wmem/tcp_rmem
- net.core.netdev_budget
- net.core.dev_arọ
- net.core.netdev_max_backlog
- net.ipv4.tcp_slow_start_after_idle=0
- net.ipv4.tcp_moderate_rcvbuf=0
- net.ipv4.tcp_timestamps=0
- net.ipv4.tcp_low_latency = 1
- SO_PRIORITY
- TCP_NODELAY
isi: opennet.ru