From a13be45f7bfe7e29ecf5ae2f8d43ae37129ee7ab Mon Sep 17 00:00:00 2001 From: Edison Su Date: Sat, 21 May 2011 21:05:28 -0400 Subject: [PATCH] bug 8350: haproxy tunning: 0. Test case: httpd running in 5 user VMs, all of them created on a xenserver host(16 core, 42G memroy, 10G network) domR running on an anther host with same hardware configuration. test application, ab, running on anther host behind an anther seperate switch 1.haproxy is not a memory intensive app. I can get 4625.96 connection/s with 1G memory. While it's really a CPU intensive app, domR always uses around 100% CPU on the host. 2.By default, you can't get better connection/s rate, because ip_conntrack_max and tw_bucket are too small, you will see the error in domR like: "TCP: time wait bucket table overflow" or "nf_conntrack: table full, dropping packet". So I increase these numbers to 1000000 from 65536, then I can steadly get around 4600 connection/s when memory is >= 1G. Here is the connection per second, tested by "ab -n 1000000 -c 100 http://192.168.170.152:880/test.html" domR memory conn/s 128M: 3545.55 256M: 4081.38 512M: 4318.18 1G: 4625.96 7G: 4745.53 3. If I enable notrack for both connections between domr/user vm, and public network, that tell iptable in domR don't track the connection during my test, then I can get better number, around 5800 connections/s. But we can't enable notrack, as iptables is used to track throughput in domR. 4. In a word, with this commit, the connection rate of haproxy can be increased from 1000-2000/s to 4700/s when domR's memory is larger than 1G. 5. How many CPU need to assign to domR to get this number? Haven't finished yet, as CPU is shared by all the VMs on the host, if other VMs are busy, it will impact the performance of haproxy. --- core/src/com/cloud/network/HAProxyConfigurator.java | 5 ++--- patches/systemvm/debian/config/etc/sysctl.conf | 5 ++++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/core/src/com/cloud/network/HAProxyConfigurator.java b/core/src/com/cloud/network/HAProxyConfigurator.java index 23d35f81364..00ba0d34fe9 100644 --- a/core/src/com/cloud/network/HAProxyConfigurator.java +++ b/core/src/com/cloud/network/HAProxyConfigurator.java @@ -38,7 +38,7 @@ import com.cloud.utils.net.NetUtils; */ public class HAProxyConfigurator implements LoadBalancerConfigurator { private static String [] globalSection = {"global", - "\tlog 127.0.0.1:3914 local0 info", + "\tlog 127.0.0.1:3914 local0 warning", "\tmaxconn 4096", "\tchroot /var/lib/haproxy", "\tuser haproxy", @@ -139,8 +139,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { sb = new StringBuilder(); sb.append("\t").append("server ").append(poolName) .append("_").append(Integer.toString(i++)).append(" ") - .append(rule.getDstIp()).append(":").append(rule.getDstPortRange()[0]) - .append(" check"); + .append(rule.getDstIp()).append(":").append(rule.getDstPortRange()[0]); result.add(sb.toString()); } result.add(getBlankLine()); diff --git a/patches/systemvm/debian/config/etc/sysctl.conf b/patches/systemvm/debian/config/etc/sysctl.conf index 71acc2b6f04..71b90f08d2a 100644 --- a/patches/systemvm/debian/config/etc/sysctl.conf +++ b/patches/systemvm/debian/config/etc/sysctl.conf @@ -36,4 +36,7 @@ kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 -net.ipv4.netfilter.ip_conntrack_max=65536 +net.ipv4.netfilter.ip_conntrack_max=1000000 +net.ipv4.tcp_tw_reuse=1 +net.ipv4.tcp_max_tw_buckets=1000000 +net.core.somaxconn=1000000