Jail to jail network performance?
bfoz at terrandev.com
Mon Sep 26 12:06:43 PDT 2005
Ok, here's what I've decided. But first, thanks for all of the help.
Currently the MySQL databases are on a seperate RAID volume, and I'd like to keep it that way for performance purposes. In general I want to avoid putting anything on the raid that isn't a database. I don't want the raid volme to get hit for both database access and regular httpd/system use. In order to make a hardlink to the mysql socket it would have to be on the same volume as the httpd jail, which would then mean both jails have to be on the raid volume, which is what I want to avoid. However, if mysql isn't jailed it has access to both system and raid volumes and can put it's socket someplace accessible to the httpd jail. Since I've already set mysql to only accept domain socket connections I can probably get away without putting it in a jail. So I've decided to jail httpd and friends and leave mysql running in the host environment.
I would have liked to use Robert Watson's suggested socket brokering daemon, and I stumbled on socat which appears to do the trick. But as far as I can tell socat just copies between two sockets, which seems like it might have performance issues. Albeit less so than using TCP sockets. Ideally I would like a daemon like socat that can connect/merge two sockets into one, effectively creating a direct connection and eliminating a copy. But AFAICT that isn't possible with the current interface. I don't know enough about the kernel to know if such a thing is even possible, but intuitively it seems like it should be. If somebody where to make socket merging possible, or tell me how to do it, I would be happy to write the daemon to make use of it. Until then I'm using an unjailed mysql.
Thanks for the help.
More information about the freebsd-stable