Umhlahlandlela onemininingwane ushicilelwe ekulungiseni indawo ye-Linux ukuze kuzuzwe ukusebenza okuphezulu kokucubungula izicelo ze-HTTP. Izindlela ezihlongozwayo zenze kwaba nokwenzeka ukukhulisa ukusebenza kwephrosesa ye-JSON ngokusekelwe kulabhulali ye-libreactor endaweni ye-Amazon EC2 (4 vCPU) kusukela kuzicelo ze-API eziyizinkulungwane ezingama-224 ngomzuzwana ngezilungiselelo ezijwayelekile ze-Amazon Linux 2 nge-kernel 4.14 kuya ku-1.2 yezicelo eziyizigidi okwesibili ngemva kokwenza kahle (ukwanda ngama-436%), futhi kuholele ekunciphiseni ukubambezeleka kokucubungula izicelo ngama-79%. Izindlela ezihlongozwayo aziqondile ku-libreactor futhi zisebenza uma usebenzisa amanye amaseva e-http, okuhlanganisa i-nginx, i-Actix, i-Netty ne-Node.js (i-libreactor isetshenziswe ekuhlolweni ngoba isisombululo esisekelwe kukho sibonise ukusebenza okungcono).
Ukulungiselelwa okuyisisekelo:
- Ukuthuthukisa ikhodi yesikhulula. Inketho ye-R18 evela kukhithi ye-Techempower yasetshenziswa njengesisekelo, eyathuthukiswa ngokususa ikhodi ukuze kukhawulwe inani lama-CPU cores asetshenzisiwe (ukwenza kahle kuvunyelwe ukusheshisa umsebenzi ngo-25-27%), ukuhlangana ku-GCC ngezinketho ze-“-O3” (ukwanda ngo-5-10%) kanye nokuthi "-march-native" (5-10%), esikhundleni sezingcingo ezifundwayo/zokubhala nge-recv/send (5-10%) kanye nokunciphisa phezulu uma usebenzisa imiphetho (2-3%) . Ukwenyuka okuphelele kokusebenza ngemva kokuthuthukiswa kwekhodi kwaba ngu-55%, futhi umphumela wenyuka usuka ku-224k req/s waya ku-347k req/s.
- Khubaza ukuvikeleka ebungozini bokwenza okucatshangelwayo. Kusetshenziswa amapharamitha okuthi “nospectre_v1 nospectre_v2 pti=off mds=off tsx_async_abort=off” lapho ulayisha uhlamvu oluvunyelwe ukukhulisa ukusebenza ngo-28%, futhi umphumela wenyuka ukusuka ku-347k req/s kuya ku-446k req/s. Ngokwehlukana, ukunyuka okuvela kupharamitha ethi “nospectre_v1” (ukuvikelwa ku-Specter v1 + SWAPGS) kwaba ngu-1-2%, “nospectre_v2” (ukuvikelwa ku-Specter v2) - 15-20%, "pti=off" (Specter v3/Meltdown) - 6 %, "mds=off tsx_async_abort=off" (MDS/Zombieload kanye ne-TSX Asynchronous Abortion) - 6%. Izilungiselelo zokuvikela ngokumelene ne-L1TF/Foreshadow (l1tf=flush), i-iTLB multihit, i-Speculative Store Bypass kanye nokuhlasela kwe-SRBDS zishiywe zingashintshiwe, ezingazange ziphazamise ukusebenza njengoba zingaphambananga nokucushwa okuhloliwe (ngokwesibonelo, okuqondile ku-KVM, kufakwe isidleke. i-virtualization namanye amamodeli we-CPU).
- Ikhubaza ukuhlola nokuvinjwa kwezingcingo zesistimu kusetshenziswa umyalo othi "auditctl -a never,task" futhi icacisa inketho ethi "--security-opt seccomp=unconfined" lapho uqala isiqukathi sedokhu. Sekukonke ukukhuphuka kokusebenza kube ngu-11%, futhi umphumela wenyuka usuka ku-446k req/s waya ku-495k req/s.
- Ikhubaza ama-iptables/netfilter ngokukhipha amamojula e-kernel ahlobene. Umqondo wokukhubaza i-firewall, engazange isetshenziswe kusixazululo seseva esithile, ugqugquzelwe yimiphumela yokwenza iphrofayela, uma kubhekwa ukuthi umsebenzi we-nf_hook_slow uthathe u-18% wesikhathi sokuqalisa. Kuyaphawulwa ukuthi ama-nftables asebenza ngokuphumelelayo kunama-iptables, kodwa i-Amazon Linux iyaqhubeka nokusebenzisa iptables. Ngemva kokukhubaza ama-iptables, ukukhuphuka kokusebenza kwaba ngu-22%, futhi ukuphuma kukhuphuke kusuka ku-495k req/s kuya ku-603k req/s.
- Ukuthutha okuncishisiwe kwezibambi phakathi kwama-CPU cores ahlukene ukuze kuthuthukiswe ukusebenza kahle kokusetshenziswa kwenqolobane yokucubungula. Ukuthuthukisa kwenziwe kokubili ezingeni lokubopha izinqubo ze-libreactor kuma-CPU cores (CPU Pinning) nangokuphina izibambi zenethiwekhi ye-kernel (Thola Ukukala Uhlangothi). Isibonelo, i-irqbalance ivaliwe futhi ukuhlobana komugqa ku-CPU kwabekwa ngokucacile kokuthi /proc/irq/$IRQ/smp_affinity_list. Ukuze usebenzise i-CPU core efanayo ukucubungula inqubo yesikhulula kanye nomugqa wenethiwekhi wamaphakethe angenayo, isibambi se-BPF sangokwezifiso siyasetshenziswa, sixhunywe ngokusetha ifulegi le-SO_ATTACH_REUSEPORT_CBPF lapho kwakhiwa isokhethi. Ukuze ubophe olayini bamaphakethe aphumayo ku-CPU, izilungiselelo /sys/class/net/eth0/queues/tx- zishintshiwe /xps_cpus. Sekukonke ukukhuphuka kokusebenza kube ngama-38%, futhi umphumela wenyuka usuka ku-603k req/s waya ku-834k req/s.
- Ukuthuthukisa ukuphathwa kokuphazamiseka kanye nokusetshenziswa kokuvota. Ukunika amandla imodi ye-adaptive-rx kumshayeli we-ENA kanye nokukhohlisa i-sysctl net.core.busy_read kukhuphule ukusebenza ngo-28% (umphumela unyuke usuka ku-834k req/s waya ku-1.06M req/s, futhi ukubambezeleka kwehle ukusuka ku-361μs kuya ku-292μs).
- Ikhubaza izinsiza zesistimu eziholela ekuvinjweni okungadingekile kusitaki senethiwekhi. Ukukhubaza i-dhclient nokusetha mathupha ikheli lasesizindeni se-inthanethi kuholele ekwenyukeni kokusebenza okungu-6% kanye nokuphuma kukhuphuke kusuka ku-1.06M req/s kuya ku-1.12M req/s. Isizathu sokuthi i-dhclient ithinte ukusebenza isekuhlaziyweni kwethrafikhi kusetshenziswa isokhethi eluhlaza.
- Ukulwa Spin Lock. Ukushintsha isitaki senethiwekhi siye kumodi ethi “noqueue” nge-sysctl “net.core.default_qdisc=noqueue” kanye “ne-tc qdisc esikhundleni se-dev eth0 root mq” kuholele ekwenyukeni kokusebenza okungu-2%, nokuphuma kwemali kukhuphuke kusuka ku-1.12M req/s kuya ku-1.15M req/s.
- Ukulungiselelwa okuncane kokugcina, njengokukhubaza i-GRO (Generic Receive Offload) ngomyalo othi “ethtool -K eth0 gro off” futhi esikhundleni se-cubic congestion algorithm nge-reno usebenzisa i-sysctl “net.ipv4.tcp_congestion_control=reno”. Ukukhula kokukhiqiza sekukonke kube ngama-4%. Ukukhiqiza kukhuphuke ukusuka ku-1.15M req/s kuya ku-1.2M req/s.
Ngokungeziwe ekuthuthukisweni okusebenzayo, i-athikili iphinde ixoxe ngezindlela ezingazange ziholele ekwenyukeni kokusebenza okulindelekile. Isibonelo, okulandelayo kubonakale kungasebenzi:
- I-libreactor egijimayo ngokuhlukene ayizange ihluke ekusebenzeni nasekuyiqhubeni esitsheni. Ukushintsha i-writev ngokuthumela, ukukhulisa ama-maxevents ku-epoll_wait, nokuhlola izinguqulo ze-GCC namafulegi akubanga namphumela (umphumela uphawuleka kuphela kumafulegi okuthi “-O3” kanye “ne-march-native”).
- Ukuthuthukisa i-Linux kernel ibe izinguqulo 4.19 kanye no-5.4, kusetshenziswa abahleli be-SCHED_FIFO kanye ne-SCHED_RR, ukushintsha i-sysctl kernel.sched_min_granularity_ns, i-kernel.sched_wakeup_granularity_ns, transparent_hugepages=never, skew did_tick.
- Kumshayeli we-ENA, ukunika amandla amamodi okukhipha (i-segmentation, i-scatter-gather, i-rx/tx checksum), ukwakha ngefulegi elithi “-O3”, nokusebenzisa i-ena.rx_queue_size kanye nemingcele ye-ena.force_large_llq_header akuzange kube nomthelela.
- Izinguquko kusitaki senethiwekhi azizange zithuthukise ukusebenza:
- Khubaza i-IPv6: ipv6.disable=1
- Khubaza i-VLAN: modprobe -rv 8021q
- Khubaza ukuhlola umthombo wephakheji
- net.ipv4.conf.all.rp_filter=0
- net.ipv4.conf.eth0.rp_filter=0
- net.ipv4.conf.all.accept_local=1 (umphumela omubi)
- net.ipv4.tcp_sack = 0
- net.ipv4.tcp_dsack=0
- net.ipv4.tcp_mem/tcp_wmem/tcp_rmem
- net.core.netdev_budget
- net.core.dev_weight
- net.core.netdev_max_backlog
- net.ipv4.tcp_slow_start_after_idle=0
- net.ipv4.tcp_moderate_rcvbuf=0
- net.ipv4.tcp_timestamps=0
- net.ipv4.tcp_low_latency = 1
- SO_PRIORITY
- TCP_NODELAY
Source: opennet.ru