Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kukonza Linux kuti igwire zopempha za JSON miliyoni 1.2 pamphindikati

Kukonza Linux kuti igwire zopempha za JSON miliyoni 1.2 pamphindikati

Kalozera watsatanetsatane wasindikizidwa pakukonza malo a Linux kuti akwaniritse ntchito yayikulu pakukonza zopempha za HTTP. Njira zomwe zaperekedwa zidapangitsa kuti purosesa ya JSON ichuluke kutengera laibulale yaulere mu Amazon EC2 chilengedwe (4 vCPU) kuchokera ku 224 zikwi zopempha za API pamphindikati ndi makonda a Amazon Linux 2 okhala ndi kernel 4.14 mpaka 1.2 miliyoni zopempha chachiwiri pambuyo pa kukhathamiritsa (kuwonjezeka kwa 436%), komanso kunachititsa kuti kuchepetsa kuchedwa pakukonza zopempha ndi 79%. Njira zomwe zaperekedwa sizili zachindunji kwa libreactor ndikugwira ntchito pogwiritsa ntchito ma seva ena a http, kuphatikizapo nginx, Actix, Netty ndi Node.js (libreactor inagwiritsidwa ntchito poyesa chifukwa yankho lochokera pa izo linasonyeza ntchito yabwino).

Kukonza Linux kuti igwire zopempha za JSON miliyoni 1.2 pamphindikati

Kukhathamiritsa koyambira:

  • Konzani libreactor code. Njira ya R18 yochokera ku Techempower kit idagwiritsidwa ntchito ngati maziko, omwe adasinthidwa ndikuchotsa kachidindo kuti achepetse kuchuluka kwa ma CPU ogwiritsidwa ntchito (kukhathamiritsa kumalola kufulumizitsa ntchito ndi 25-27%), kusonkhana mu GCC ndi zosankha "-O3" (kuwonjezeka kwa 5-10%) ndi "-march-native" (5-10%), kusintha mafoni owerengera / kulemba ndi recv / kutumiza (5-10%) ndi kuchepetsa kumutu pogwiritsa ntchito njira (2-3%) . Kuwonjezeka kwa magwiridwe antchito pambuyo pa kukhathamiritsa kwa ma code kunali 55%, ndipo zotsatira zawonjezeka kuchokera ku 224k req/s kufika ku 347k req/s.
  • Letsani chitetezo ku ziwopsezo zongopeka. Kugwiritsa ntchito magawo "nospectre_v1 nospectre_v2 pti=off mds=off tsx_async_abort=off" pokweza kernel yololedwa kuwonjezera magwiridwe antchito ndi 28%, ndipo zotulutsa zidakwera kuchokera ku 347k req/s mpaka 446k req/s. Payokha, kuwonjezeka kwa gawo "nospectre_v1" (chitetezo kuchokera ku Specter v1 + SWAPGS) chinali 1-2%, "nospectre_v2" (chitetezo kuchokera ku Specter v2) - 15-20%, "pti=off" (Specter v3 / Meltdown) - 6 %, "mds=off tsx_async_abort=off" (MDS/Zombieload ndi TSX Asynchronous Abort) - 6%. Zokonda zotetezedwa ku L1TF/Foreshadow (l1tf=flush), iTLB multihit, Speculative Store Bypass ndi SRBDS zidasiyidwa zosasinthika, zomwe sizinakhudze magwiridwe antchito popeza sanadutse ndi kasinthidwe koyesedwa (mwachitsanzo, makamaka ku KVM, yokhazikika virtualization ndi mitundu ina ya CPU).
  • Kuyimitsa ma auditing ndi makina oletsa kuyimba mafoni pogwiritsa ntchito lamulo la "auditctl -a never,task" ndikutchulanso njira ya "--security-opt seccomp=unconfined" poyambitsa chidebe cha docker. Kuwonjezeka kwa ntchito zonse kunali 11%, ndipo zotsatira zawonjezeka kuchoka pa 446k req/s kufika pa 495k req/s.
  • Kuletsa iptables/netfilter potsitsa ma kernel modules. Lingaliro loletsa firewall, lomwe silinagwiritsidwe ntchito mu njira yeniyeni ya seva, linayambitsidwa ndi zotsatira za mbiri, kuweruza kuti nf_hook_slow ntchito inatenga 18% ya nthawi kuti achite. Zimadziwika kuti nftables imagwira ntchito bwino kuposa iptables, koma Amazon Linux ikupitiriza kugwiritsa ntchito iptables. Pambuyo poletsa ma iptables, kuwonjezeka kwa ntchito kunali 22%, ndipo zotsatira zinawonjezeka kuchokera ku 495k req / s kufika ku 603k req / s.
  • Kuchepetsa kusamuka kwa othandizira pakati pa ma CPU cores osiyanasiyana kuti apititse patsogolo magwiridwe antchito a processor cache. Kukhathamiritsa kunachitika pamlingo womangirira njira zomasulira ku CPU cores (CPU Pinning) komanso kudzera pa pinning kernel network handlers (Receive Side Scaling). Mwachitsanzo, irqbalance idayimitsidwa ndipo kulumikizana kwa mzere ku CPU kunayikidwa momveka bwino mu /proc/irq/$IRQ/smp_affinity_list. Kuti mugwiritse ntchito CPU core yomweyi pokonza ndondomeko ya libreactor ndi mzere wa netiweki wa mapaketi omwe akubwera, chogwirizira cha BPF chimagwiritsidwa ntchito, cholumikizidwa ndikuyika mbendera ya SO_ATTACH_REUSEPORT_CBPF popanga socket. Kumanga mizere yamapaketi otuluka ku CPU, zosintha /sys/class/net/eth0/queues/tx-/xps_cpus zasinthidwa. Kuwonjezeka kwa ntchito zonse kunali 38%, ndipo zotsatira zawonjezeka kuchoka pa 603k req/s kufika 834k req/s.
  • Kukhathamiritsa kwa kusokoneza ndi kugwiritsa ntchito kuvota. Kuthandizira mawonekedwe a adaptive-rx mu dalaivala wa ENA ndikuwongolera sysctl net.core.busy_read kuchuluka kwa magwiridwe antchito ndi 28% (kuchuluka kwawonjezeka kuchokera ku 834k req/s kufika ku 1.06M req/s, ndipo latency idatsika kuchokera ku 361ΞΌs mpaka 292ΞΌs).
  • Kuyimitsa ntchito zamakina zomwe zimabweretsa kutsekeka kosafunikira mu stack network. Kulepheretsa dhclient ndikuyika pamanja adilesi ya IP kunapangitsa kuti ntchito ichuluke ndi 6% ndikuwonjezera kuchokera ku 1.06M req/s mpaka 1.12M req/s. Chifukwa chomwe dhclient imakhudzira magwiridwe antchito ndikuwunika magalimoto pogwiritsa ntchito socket yaiwisi.
  • Kulimbana ndi Spin Lock. Kusinthira stack ya netiweki kukhala "noqueue" mode kudzera pa sysctl "net.core.default_qdisc=noqueue" ndi "tc qdisc m'malo mwa dev eth0 root mq" zidapangitsa kuti magwiridwe antchito achuluke ndi 2%, ndipo kutulutsa kwachulukira kuchoka pa 1.12M req/s kupita ku 1.15M req/s.
  • Kukhathamiritsa kwakung'ono komaliza, monga kuletsa GRO (Generic Receive Offload) ndi lamulo la "ethtool -K eth0 gro off" ndikusintha algorithm ya cubic congestion control ndi reno pogwiritsa ntchito sysctl β€œnet.ipv4.tcp_congestion_control=reno”. Kuwonjezeka kwa zokolola zonse kunali 4%. Kupititsa patsogolo kwawonjezeka kuchoka pa 1.15M req/s kufika ku 1.2M req/s.

Kuphatikiza pa kukhathamiritsa komwe kunagwira ntchito, nkhaniyi ikufotokozanso njira zomwe sizinapangitse kuwonjezeka kwa magwiridwe antchito. Mwachitsanzo, zotsatirazi zidakhala zosathandiza:

  • Kuthamanga kwa libreactor padera sikunasiyanitse magwiridwe antchito ndikuyiyendetsa mu chidebe. Kuchotsa writev ndi kutumiza, kuchulukitsa maxevents mu epoll_wait, ndikuyesa mitundu ya GCC ndi mbendera kunalibe kanthu (zotsatira zake zidawoneka kokha pa mbendera za "-O3" ndi "-march-native").
  • Kukweza kernel ya Linux kukhala 4.19 ndi 5.4, pogwiritsa ntchito SCHED_FIFO ndi SCHED_RR schedulers, manipulating sysctl kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, transparent_hugepages=source=never, skew did not
  • Mu dalaivala wa ENA, kuthandizira ma Offload modes (gawo, scatter-gather, rx/tx checksum), kumanga ndi mbendera ya "-O3", ndi kugwiritsa ntchito ena.rx_queue_size ndi ena.force_large_llq_header parameters zinalibe kanthu.
  • Kusintha kwa netiweki sikunasinthe magwiridwe antchito:
    • Letsani IPv6: ipv6.disable=1
    • Letsani VLAN: modprobe -rv 8021q
    • Letsani kuyang'ana kwa magwero a phukusi
      • net.ipv4.conf.all.rp_sefa=0
      • net.ipv4.conf.eth0.rp_filter=0
      • net.ipv4.conf.all.accept_local=1 (zosokoneza)
    • net.ipv4.tcp_sack = 0
    • net.ipv4.tcp_dsack=0
    • net.ipv4.tcp_mem/tcp_wmem/tcp_rmem
    • net.core.netdev_budget
    • net.core.dev_weight
    • net.core.netdev_max_backlog
    • net.ipv4.tcp_slow_start_after_idle=0
    • net.ipv4.tcp_moderate_rcvbuf=0
    • net.ipv4.tcp_timestamps=0
    • net.ipv4.tcp_low_latency = 1
    • SO_PRIORITY
    • TCP_NODELAY

    Source: opennet.ru

Kuwonjezera ndemanga