Itọsọna alaye ti ṣe atẹjade lori ṣiṣatunṣe agbegbe Linux lati ṣaṣeyọri iṣẹ ṣiṣe ti o pọju fun sisẹ awọn ibeere HTTP. Awọn ọna ti a dabaa ṣe o ṣee ṣe lati mu iṣẹ ṣiṣe ti ero isise JSON ti o da lori ile-ikawe liberactor ni agbegbe Amazon EC2 (4 vCPU) lati awọn ibeere API 224 ẹgbẹrun fun iṣẹju kan pẹlu awọn eto boṣewa ti Amazon Linux 2 pẹlu ekuro 4.14 si awọn ibeere miliọnu 1.2 fun keji lẹhin iṣapeye (ilosoke ti 436%), ati tun yori si idinku awọn idaduro ni awọn ibeere ṣiṣe nipasẹ 79%. Awọn ọna ti a dabaa kii ṣe pato si liberactor ati ṣiṣẹ nigba lilo awọn olupin http miiran, pẹlu nginx, Actix, Netty ati Node.js (a lo libreactor ninu awọn idanwo nitori ojutu ti o da lori rẹ fihan iṣẹ ṣiṣe to dara julọ).
Awọn iṣapeye ipilẹ:
- Iṣapeye koodu liberactor. Aṣayan R18 lati inu ohun elo Techempower ni a lo gẹgẹbi ipilẹ, eyiti o ni ilọsiwaju nipasẹ yiyọ koodu lati fi opin si nọmba awọn ohun kohun Sipiyu ti a lo (iṣapeye gba laaye ni iyara iṣẹ nipasẹ 25-27%), apejọ ni GCC pẹlu awọn aṣayan “-O3”. (ilosoke ti 5-10%) ati "-march-abinibi" (5-10%), rọpo awọn ipe kika/kikọ pẹlu recv/firanṣẹ (5-10%) ati idinku oke nigba lilo awọn pthreads (2-3%) . Ilọsiwaju iṣẹ ṣiṣe gbogbogbo lẹhin iṣapeye koodu jẹ 55%, ati iṣelọpọ pọ si lati 224k req/s si 347k req/s.
- Mu aabo kuro lodi si awọn ailagbara ipaniyan ipaniyan. Lilo awọn paramita “nospectre_v1 nospectre_v2 pti = pipa mds = pipa tsx_async_abort = pipa” nigbati o ba n gbe ekuro laaye lati mu iṣẹ pọ si nipasẹ 28%, ati iṣelọpọ pọ si lati 347k req/s si 446k req/s. Lọtọ, ilosoke lati paramita “nospectre_v1” (idaabobo lati Specter v1 + SWAPGS) jẹ 1-2%, “nospectre_v2” (idaabobo lati Specter v2) - 15-20%, “pti=pa” (Spectre v3/ Meltdown) - 6 %, "mds = pipa tsx_async_abort = pipa" (MDS/Zombieload ati TSX Asynchronous Abort) - 6%. Awọn eto fun aabo lodi si L1TF/Foreshadow (l1tf = flush), iTLB multihit, Speculative Store Bypass ati awọn ikọlu SRBDS ko yipada, eyiti ko ni ipa lori iṣẹ nitori wọn ko ṣe intersect pẹlu iṣeto ni idanwo (fun apẹẹrẹ, ni pato si KVM, itẹ-ẹiyẹ). agbara ipa ati awọn awoṣe Sipiyu miiran).
- Pipa iṣatunṣe ati awọn ọna ṣiṣe idilọwọ ipe eto ni lilo aṣẹ “auditctl -a never, task” ati sisọ aṣayan “--security-opt seccomp=unconfined” nigba ti o bẹrẹ apoti docker. Ilọsiwaju iṣẹ ṣiṣe gbogbogbo jẹ 11%, ati iṣelọpọ pọ si lati 446k req/s si 495k req/s.
- Pa iptables/netfilter kuro nipa gbigbejade awọn modulu ekuro ti o somọ. Imọran lati mu ogiriina naa kuro, eyiti ko lo ninu ojutu olupin kan pato, ni ipilẹṣẹ nipasẹ awọn abajade profaili, idajọ nipasẹ eyiti iṣẹ nf_hook_slow gba 18% ti akoko lati ṣiṣẹ. O ṣe akiyesi pe awọn nftables ṣiṣẹ daradara diẹ sii ju iptables, ṣugbọn Amazon Linux tẹsiwaju lati lo awọn iptables. Lẹhin piparẹ awọn iptables, alekun iṣẹ jẹ 22%, ati iṣelọpọ pọ si lati 495k req/s si 603k req/s.
- Idinku ijira ti awọn olutọju laarin oriṣiriṣi awọn ohun kohun Sipiyu lati mu ilọsiwaju ti lilo kaṣe ero isise ṣiṣẹ. Imudara julọ ni a ṣe mejeeji ni ipele ti awọn ilana isọdọkan si awọn ohun kohun Sipiyu (Pinning CPU) ati nipasẹ awọn olutọju nẹtiwọọki kernel pinning (Gba Side Scaling). Fun apẹẹrẹ, irqbalance jẹ alaabo ati pe isunmọ isinyi si Sipiyu ti ṣeto ni kedere ni /proc/irq/$IRQ/smp_affinity_list. Lati lo mojuto Sipiyu kanna lati ṣe ilana ilana liberactor ati isinyi nẹtiwọọki ti awọn apo-iwe ti nwọle, a ti lo oluṣakoso BPF aṣa kan, ti o sopọ nipasẹ tito asia SO_ATTACH_REUSEPORT_CBPF nigbati o ṣẹda iho. Lati di awọn ila ti awọn apo-iwe ti njade lọ si Sipiyu, awọn eto / sys/kilasi/net/eth0/queues/tx- ti yipada /xps_cpus. Ilọsiwaju iṣẹ ṣiṣe gbogbogbo jẹ 38%, ati iṣelọpọ pọ si lati 603k req/s si 834k req/s.
- Iṣapeye ti mimu idalọwọduro ati lilo idibo. Mu ipo adaptive-rx ṣiṣẹ ni awakọ ENA ati ifọwọyi sysctl net.core.busy_read iṣẹ ṣiṣe pọ si nipasẹ 28% (nipasẹ pọsi lati 834k req/s si 1.06M req/s, ati idaduro dinku lati 361μs si 292μs).
- Pa awọn iṣẹ eto kuro ti o yori si idinamọ ti ko wulo ninu akopọ nẹtiwọọki. Pa dhclient kuro ati ṣiṣeto adiresi IP pẹlu ọwọ yorisi ilosoke iṣẹ ṣiṣe 6% ati iṣelọpọ pọsi lati 1.06M req/s si 1.12M req/s. Idi ti dhclient yoo ni ipa lori iṣẹ ṣiṣe wa ni itupalẹ ijabọ nipa lilo iho aise kan.
- Ija omo ere Titii. Yiyipada akopọ nẹtiwọọki si ipo “noqueue” nipasẹ sysctl “net.core.default_qdisc=noqueue” ati “tc qdisc ropo dev eth0 root mq” yori si ilosoke iṣẹ ṣiṣe 2%, ati igbejade pọsi lati 1.12M req/s si 1.15M req/s.
- Awọn iṣapeye kekere ti o kẹhin, gẹgẹbi piparẹ GRO (Generic Gba Offload) pẹlu aṣẹ “ethtool -K eth0 gro off” ati rirọpo algorithm iṣakoso iṣupọ onigun pẹlu reno ni lilo sysctl “net.ipv4.tcp_congestion_control=reno”. Imudara iṣelọpọ gbogbogbo jẹ 4%. Iwọn gbigbe pọ lati 1.15M req/s si 1.2M req/s.
Ni afikun si awọn iṣapeye ti o ṣiṣẹ, nkan naa tun jiroro awọn ọna ti ko yorisi ilosoke iṣẹ ṣiṣe ti o nireti. Fun apẹẹrẹ, atẹle yii ti jade lati jẹ aiṣedeede:
- Nṣiṣẹ liberactor lọtọ ko yato ninu iṣẹ ṣiṣe lati ṣiṣe ni inu eiyan kan. Rirọpo writev pẹlu fi, npo maxevents ni epoll_wait, ati experimenting pẹlu GCC awọn ẹya ati awọn asia ní ko si ipa (ipa je ti ṣe akiyesi nikan fun awọn asia "-O3" ati "-March-abinibi".
- Igbegasoke ekuro Linux si awọn ẹya 4.19 ati 5.4, ni lilo awọn oluṣeto SCHED_FIFO ati SCHED_RR, ti n ṣe ifọwọyi sysctl kernel.sched_min_granularity_ns, kernel.sched_wakeup_granularity_ns, transparent_hugepages=_source not=skew=skew.
- Ninu awakọ ENA, ṣiṣe awọn ipo Offload (apakan, apejo kaakiri, rx/tx checksum), ile pẹlu asia “-O3”, ati lilo ena.rx_queue_size ati awọn paramita ena.force_large_llq_header ko ni ipa kankan.
- Awọn ayipada ninu akopọ nẹtiwọọki ko ni ilọsiwaju iṣẹ:
- Pa IPv6: ipv6.disable=1
- Pa VLAN: modprobe -rv 8021q
- Pa iṣayẹwo orisun package kuro
- net.ipv4.conf.all.rp_filter=0
- net.ipv4.conf.eth0.rp_filter=0
- net.ipv4.conf.all.accept_local=1 (ipa odi)
- net.ipv4.tcp_sack = 0
- net.ipv4.tcp_dsack=0
- net.ipv4.tcp_mem/tcp_wmem/tcp_rmem
- net.core.netdev_budget
- net.core.dev_weight
- net.core.netdev_max_backlog
- net.ipv4.tcp_slow_start_after_idle=0
- net.ipv4.tcp_moderate_rcvbuf=0
- net.ipv4.tcp_timestamps=0
- net.ipv4.tcp_low_latency = 1
- SO_PRIORITY
- TCP_NODELAY
orisun: opennet.ru