I-ProHoster > Блог > izindaba ze-inthanethi > Ukulungiselela i-Linux ukuthi isingathe izicelo ze-JSON eziyizigidi ezingu-1.2 ngomzuzwana

Ukulungiselela i-Linux ukuthi isingathe izicelo ze-JSON eziyizigidi ezingu-1.2 ngomzuzwana

Umhlahlandlela onemininingwane ushicilelwe ekulungiseni indawo ye-Linux ukuze kuzuzwe ukusebenza okuphezulu kokucubungula izicelo ze-HTTP. Izindlela ezihlongozwayo zenze kwaba nokwenzeka ukukhulisa ukusebenza kwephrosesa ye-JSON ngokusekelwe kulabhulali ye-libreactor endaweni ye-Amazon EC2 (4 vCPU) kusukela kuzicelo ze-API eziyizinkulungwane ezingama-224 ngomzuzwana ngezilungiselelo ezijwayelekile ze-Amazon Linux 2 nge-kernel 4.14 kuya ku-1.2 yezicelo eziyizigidi okwesibili ngemva kokwenza kahle (ukwanda ngama-436%), futhi kuholele ekunciphiseni ukubambezeleka kokucubungula izicelo ngama-79%. Izindlela ezihlongozwayo aziqondile ku-libreactor futhi zisebenza uma usebenzisa amanye amaseva e-http, okuhlanganisa i-nginx, i-Actix, i-Netty ne-Node.js (i-libreactor isetshenziswe ekuhlolweni ngoba isisombululo esisekelwe kukho sibonise ukusebenza okungcono).

Ukulungiselela i-Linux ukuthi isingathe izicelo ze-JSON eziyizigidi ezingu-1.2 ngomzuzwana

Ukulungiselelwa okuyisisekelo:

  • Ukuthuthukisa ikhodi yesikhulula. Inketho ye-R18 evela kukhithi ye-Techempower yasetshenziswa njengesisekelo, eyathuthukiswa ngokususa ikhodi ukuze kukhawulwe inani lama-CPU cores asetshenzisiwe (ukwenza kahle kuvunyelwe ukusheshisa umsebenzi ngo-25-27%), ukuhlangana ku-GCC ngezinketho ze-“-O3” (ukwanda ngo-5-10%) kanye nokuthi "-march-native" (5-10%), esikhundleni sezingcingo ezifundwayo/zokubhala nge-recv/send (5-10%) kanye nokunciphisa phezulu uma usebenzisa imiphetho (2-3%) . Ukwenyuka okuphelele kokusebenza ngemva kokuthuthukiswa kwekhodi kwaba ngu-55%, futhi umphumela wenyuka usuka ku-224k req/s waya ku-347k req/s.
  • Khubaza ukuvikeleka ebungozini bokwenza okucatshangelwayo. Kusetshenziswa amapharamitha okuthi “nospectre_v1 nospectre_v2 pti=off mds=off tsx_async_abort=off” lapho ulayisha uhlamvu oluvunyelwe ukukhulisa ukusebenza ngo-28%, futhi umphumela wenyuka ukusuka ku-347k req/s kuya ku-446k req/s. Ngokwehlukana, ukunyuka okuvela kupharamitha ethi “nospectre_v1” (ukuvikelwa ku-Specter v1 + SWAPGS) kwaba ngu-1-2%, “nospectre_v2” (ukuvikelwa ku-Specter v2) - 15-20%, "pti=off" (Specter v3/Meltdown) - 6 %, "mds=off tsx_async_abort=off" (MDS/Zombieload kanye ne-TSX Asynchronous Abortion) - 6%. Izilungiselelo zokuvikela ngokumelene ne-L1TF/Foreshadow (l1tf=flush), i-iTLB multihit, i-Speculative Store Bypass kanye nokuhlasela kwe-SRBDS zishiywe zingashintshiwe, ezingazange ziphazamise ukusebenza njengoba zingaphambananga nokucushwa okuhloliwe (ngokwesibonelo, okuqondile ku-KVM, kufakwe isidleke. i-virtualization namanye amamodeli we-CPU).
  • Ikhubaza ukuhlola nokuvinjwa kwezingcingo zesistimu kusetshenziswa umyalo othi "auditctl -a never,task" futhi icacisa inketho ethi "--security-opt seccomp=unconfined" lapho uqala isiqukathi sedokhu. Sekukonke ukukhuphuka kokusebenza kube ngu-11%, futhi umphumela wenyuka usuka ku-446k req/s waya ku-495k req/s.
  • Ikhubaza ama-iptables/netfilter ngokukhipha amamojula e-kernel ahlobene. Umqondo wokukhubaza i-firewall, engazange isetshenziswe kusixazululo seseva esithile, ugqugquzelwe yimiphumela yokwenza iphrofayela, uma kubhekwa ukuthi umsebenzi we-nf_hook_slow uthathe u-18% wesikhathi sokuqalisa. Kuyaphawulwa ukuthi ama-nftables asebenza ngokuphumelelayo kunama-iptables, kodwa i-Amazon Linux iyaqhubeka nokusebenzisa iptables. Ngemva kokukhubaza ama-iptables, ukukhuphuka kokusebenza kwaba ngu-22%, futhi ukuphuma kukhuphuke kusuka ku-495k req/s kuya ku-603k req/s.
  • Ukuthutha okuncishisiwe kwezibambi phakathi kwama-CPU cores ahlukene ukuze kuthuthukiswe ukusebenza kahle kokusetshenziswa kwenqolobane yokucubungula. Ukuthuthukisa kwenziwe kokubili ezingeni lokubopha izinqubo ze-libreactor kuma-CPU cores (CPU Pinning) nangokuphina izibambi zenethiwekhi ye-kernel (Thola Ukukala Uhlangothi). Isibonelo, i-irqbalance ivaliwe futhi ukuhlobana komugqa ku-CPU kwabekwa ngokucacile kokuthi /proc/irq/$IRQ/smp_affinity_list. Ukuze usebenzise i-CPU core efanayo ukucubungula inqubo yesikhulula kanye nomugqa wenethiwekhi wamaphakethe angenayo, isibambi se-BPF sangokwezifiso siyasetshenziswa, sixhunywe ngokusetha ifulegi le-SO_ATTACH_REUSEPORT_CBPF lapho kwakhiwa isokhethi. Ukuze ubophe olayini bamaphakethe aphumayo ku-CPU, izilungiselelo /sys/class/net/eth0/queues/tx- zishintshiwe /xps_cpus. Sekukonke ukukhuphuka kokusebenza kube ngama-38%, futhi umphumela wenyuka usuka ku-603k req/s waya ku-834k req/s.
  • Ukuthuthukisa ukuphathwa kokuphazamiseka kanye nokusetshenziswa kokuvota. Ukunika amandla imodi ye-adaptive-rx kumshayeli we-ENA kanye nokukhohlisa i-sysctl net.core.busy_read kukhuphule ukusebenza ngo-28% (umphumela unyuke usuka ku-834k req/s waya ku-1.06M req/s, futhi ukubambezeleka kwehle ukusuka ku-361μs kuya ku-292μs).
  • Ikhubaza izinsiza zesistimu eziholela ekuvinjweni okungadingekile kusitaki senethiwekhi. Ukukhubaza i-dhclient nokusetha mathupha ikheli lasesizindeni se-inthanethi kuholele ekwenyukeni kokusebenza okungu-6% kanye nokuphuma kukhuphuke kusuka ku-1.06M req/s kuya ku-1.12M req/s. Isizathu sokuthi i-dhclient ithinte ukusebenza isekuhlaziyweni kwethrafikhi kusetshenziswa isokhethi eluhlaza.
  • Ukulwa Spin Lock. Ukushintsha isitaki senethiwekhi siye kumodi ethi “noqueue” nge-sysctl “net.core.default_qdisc=noqueue” kanye “ne-tc qdisc esikhundleni se-dev eth0 root mq” kuholele ekwenyukeni kokusebenza okungu-2%, nokuphuma kwemali kukhuphuke kusuka ku-1.12M req/s kuya ku-1.15M req/s.
  • Ukulungiselelwa okuncane kokugcina, njengokukhubaza i-GRO (Generic Receive Offload) ngomyalo othi “ethtool -K eth0 gro off” futhi esikhundleni se-cubic congestion algorithm nge-reno usebenzisa i-sysctl “net.ipv4.tcp_congestion_control=reno”. Ukukhula kokukhiqiza sekukonke kube ngama-4%. Ukukhiqiza kukhuphuke ukusuka ku-1.15M req/s kuya ku-1.2M req/s.

Ngokungeziwe ekuthuthukisweni okusebenzayo, i-athikili iphinde ixoxe ngezindlela ezingazange ziholele ekwenyukeni kokusebenza okulindelekile. Isibonelo, okulandelayo kubonakale kungasebenzi:

  • I-libreactor egijimayo ngokuhlukene ayizange ihluke ekusebenzeni nasekuyiqhubeni esitsheni. Ukushintsha i-writev ngokuthumela, ukukhulisa ama-maxevents ku-epoll_wait, nokuhlola izinguqulo ze-GCC namafulegi akubanga namphumela (umphumela uphawuleka kuphela kumafulegi okuthi “-O3” kanye “ne-march-native”).
  • Ukuthuthukisa i-Linux kernel ibe izinguqulo 4.19 kanye no-5.4, kusetshenziswa abahleli be-SCHED_FIFO kanye ne-SCHED_RR, ukushintsha i-sysctl kernel.sched_min_granularity_ns, i-kernel.sched_wakeup_granularity_ns, transparent_hugepages=never, skew did_tick.
  • Kumshayeli we-ENA, ukunika amandla amamodi okukhipha (i-segmentation, i-scatter-gather, i-rx/tx checksum), ukwakha ngefulegi elithi “-O3”, nokusebenzisa i-ena.rx_queue_size kanye nemingcele ye-ena.force_large_llq_header akuzange kube nomthelela.
  • Izinguquko kusitaki senethiwekhi azizange zithuthukise ukusebenza:
    • Khubaza i-IPv6: ipv6.disable=1
    • Khubaza i-VLAN: modprobe -rv 8021q
    • Khubaza ukuhlola umthombo wephakheji
      • net.ipv4.conf.all.rp_filter=0
      • net.ipv4.conf.eth0.rp_filter=0
      • net.ipv4.conf.all.accept_local=1 (umphumela omubi)
    • net.ipv4.tcp_sack = 0
    • net.ipv4.tcp_dsack=0
    • net.ipv4.tcp_mem/tcp_wmem/tcp_rmem
    • net.core.netdev_budget
    • net.core.dev_weight
    • net.core.netdev_max_backlog
    • net.ipv4.tcp_slow_start_after_idle=0
    • net.ipv4.tcp_moderate_rcvbuf=0
    • net.ipv4.tcp_timestamps=0
    • net.ipv4.tcp_low_latency = 1
    • SO_PRIORITY
    • TCP_NODELAY

    Source: opennet.ru

Engeza amazwana