From nobody Sat Sep 14 10:25:16 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X5S431S6Sz5WZ3S for ; Sat, 14 Sep 2024 10:25:23 +0000 (UTC) (envelope-from cryintothebluesky@gmail.com) Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X5S415SxVz451C; Sat, 14 Sep 2024 10:25:21 +0000 (UTC) (envelope-from cryintothebluesky@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-42cb58d810eso24821915e9.0; Sat, 14 Sep 2024 03:25:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726309519; x=1726914319; darn=freebsd.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=Jp8gLxTf/zPs0W0X7TOUzgJkz422vPHSLThv0ZljW70=; b=Zu4eIfAQcXOnj1hnS5AutcmkbDKx0VdB9cWqRjS94nvPhDk4WSA8z7KXo92hv6hoMV 9chE4cw9QC/a7JWT9rv4h9RTo1k0CXegLo0ZgC96/X9/G7TtTDHI9zg7U6WysU0uIrUq PYSdLEUfBqWUDH04gxj0NeHP2IsDrSJ0KQ9hH3Q/Bd94zrSFO8Arz4vERludJXXL8bAz AirOahhUiRX0r45t+ZXVK/yHpGxD6S6LvSe0M+C2B5TqimLCXybyXMYxQNjgUlvJ/0ig BhyUMqg8Sf9BnZZBL+KkiL7lb+jR0Xf5gEDAQ7IW02N8BhnHGyVa8lSMqm6cFXOYJqFH qGOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726309519; x=1726914319; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jp8gLxTf/zPs0W0X7TOUzgJkz422vPHSLThv0ZljW70=; b=WQZdvFuMIk1e3bCQ6P9Uc9dsD2NDvQP0CJQkadgdNYknLckJYE356J9rXb4W7JGjN2 OsnAoOsq3jzf5m5tgJDUUSi4eUQDWhz9PeH+UkeTimsBwh/3yXIZH1JuJmonJ0UjfkYl KMQ7i+DRvW9IHJnYPBy2PQKnh8IQZARqwEPmr769M3gaQZ3T1bzi0E5On928PpGjUgzO Rt531uJ75IiaC6zTGikS+PiI+c1QIojGeqd2sgErvhPxKJKqr5po/nRGNpsgwloYtWa7 Z7O4aEhKFWa4N26qzkHGoBC7VkNSHKCGz7kIKUNRZqxbdrzprpCjLVXdqYdr9ZcMtHtI roVQ== X-Forwarded-Encrypted: i=1; AJvYcCX7Fpab3EYAQie4pJb3J6f+FvQAhXhcnuDhXWbY4h7RT3EfSv5cMjZtwQ0D7bL7pyJvt24jjpt7LSHiZw==@freebsd.org X-Gm-Message-State: AOJu0Yye63+NP59w40b9UYIlwiTq4L/3G0N0Y28jndrfMko0ouxIrGfW nJfHeLNhZMRqNUAV+ZPxpLDvqTGOweNfF1E29BqsD8Z/E4Ib86mQtYpiCw== X-Google-Smtp-Source: AGHT+IGX4WysTFOt285jGG3+swlw6KEaW9LKyU8Y3faxQQwQwnwdO8OufX5tq2/ltxKEqsP1AwXkWw== X-Received: by 2002:a05:600c:1ca2:b0:42c:ae4e:a96c with SMTP id 5b1f17b1804b1-42cdcbb8630mr56429505e9.16.1726309518329; Sat, 14 Sep 2024 03:25:18 -0700 (PDT) Received: from z600.home.lan (113.129.159.143.dyn.plus.net. [143.159.129.113]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42d9b054d2dsm50466505e9.3.2024.09.14.03.25.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 14 Sep 2024 03:25:17 -0700 (PDT) Date: Sat, 14 Sep 2024 11:25:16 +0100 From: Sad Clouds To: Zhenlei Huang Cc: Mark Saad , FreeBSD Net Subject: Re: Performance issues with vnet jails + epair + bridge Message-Id: <20240914112516.cfb31bae68ab90b83ca7ad4b@gmail.com> In-Reply-To: References: <20240913100938.3eac55c9fbd976fa72d58bb5@gmail.com> <39B2C95D-1E4F-4133-8923-AD305DFA9435@longcount.org> <20240913155439.1e171a88bd01ce9b97558a90@gmail.com> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4X5S415SxVz451C On Sat, 14 Sep 2024 10:45:03 +0800 Zhenlei Huang wrote: > The overhead of vnet jail should be neglectable, compared to legacy jail > or no-jail. Bare in mind when VIMAGE option is enabled, there is a default > vnet 0. It is not visible via jls and can not be destroyed. So when you see > bottlenecks, for example this case, it is mostly caused by other components > such as if_epair, but not the vnet jail itself. Perhaps this needs a correction - the vnet itself may be OK, but due to a single physical NIC on this appliance, I cannot use vnet jails without virtualised devices like if_epair(4) and if_bridge(4). I think there may be other scalability bottlenecks. I have a similar setup on Solaris Here devel is a Solaris zone with exclusive IP configuration, which I think may be similar to FreeBSD vnet. It has a virtual NIC devel/net0 which operates over the physical NIC also called net0 in the global zone: $ dladm LINK CLASS MTU STATE OVER net0 phys 1500 up -- net1 phys 1500 up -- net2 phys 1500 up -- net3 phys 1500 up -- pkgsrc/net0 vnic 1500 up net0 devel/net0 vnic 1500 up net0 If I run TCP bulk data benchmark with 64 concurrent threads, 32 threads with server process in the global zone and 32 threads with client process in the devel zone, then the system evenly spreads the load across all CPU cores and none of them are sitting idle: $ mpstat -A core 1 COR minf mjf xcal intr ithr csw icsw migr smtx srw syscl usr sys st idl sze 0 0 0 2262 2561 4 4744 2085 209 7271 0 747842 272 528 0 0 8 1 0 0 3187 4209 2 9102 3768 514 10605 0 597012 221 579 0 0 8 2 0 0 2091 3251 7 6768 2884 307 9557 0 658124 244 556 0 0 8 3 0 0 1745 1786 16 3494 1520 176 8847 0 746373 273 527 0 0 8 4 0 0 2797 2767 3 5908 2414 371 7849 0 692873 253 547 0 0 8 5 0 0 2782 2359 5 4857 2012 324 9431 0 684840 251 549 0 0 8 6 0 0 4324 4133 0 9138 3592 538 12525 0 516342 191 609 0 0 8 7 0 0 2180 3249 0 6960 2926 321 8825 0 697861 257 543 0 0 8 With FreeBSD I tried "options RSS" and increasing "net.isr.maxthreads" however this resulted in some really flaky kernel behavior. So I'm thinking that if_epair(4) may be OK for some low-bandwidth use cases, i.e. testing firewall rules, etc, but not suitable for things like file/object storage servers, etc.