[lvs-users] NFCT and PMTU
ja at ssi.bg
Tue Sep 11 00:18:30 BST 2012
On Mon, 10 Sep 2012, lvs at elwe.co.uk wrote:
> I will give this a go tomorrow. I just need to find a client on a network
> with a <1500 byte MTU! I guess I will have to make one.
I remember that I tested forwarding of ICMP from
client to real server by adding a REJECT rule on the client box:
test_client# iptables -I INPUT -p tcp -s VIP --sport 80 -j REJECT
It will reject the SYN-ACK packet.
The default message is port-unreachable but it
does not matter, tcpdump will show if the message is
correctly forwarded to the real server.
> Under CentOS 3 (traditional interrupts) with SMP affinity set to all cores
> (or rather half the cores for the external NIC and half for internal NIC)
> load scaled linearly until it fell off a cliff and load hit 100% and more
> generated traffic resulted in no more throughput (lots of Xoffs). I also
> have some old data showing NFCT improving performance on CentOS 3.
So, keeping netfilter conntracks (conntrack=1) uses
fewer CPU cycles than creating conntracks with every
packet (conntrack=0). I hope you have a large nf_conntrack_max
value for the conntrack=1 case.
> Looking at my monitoring graphs for one director when I flipped conntrack
> from 1 to 0 overall traffic in the peak hour stayed at 1.4Gb while softirq
> load on the busiest core rose from around 43% to around 62%. Average
> softirq load across all cores rose from 27% to 40%. I realise these figures
> don't tie up with those higher up, but this is a different director with a
> different mix of services. I have another with no email doing 1.1Gb of
> traffic and only 15% softirq on the busiest core. Email is expensive to
Julian Anastasov <ja at ssi.bg>
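
One way to check the tcpdump output from the test described above, as an added example that is not part of the original message: it scans `tcpdump -n` text captured on the real server for ICMP unreachable errors that quote a packet addressed to the test client, and goes slightly beyond the message by also recognising the "need to frag" form relevant to PMTU. The function name and all addresses in the sample capture are constructed for illustration.

```python
import re

# Matches the ICMP destination-unreachable forms printed by `tcpdump -n`:
#   IP A > B: ICMP H tcp port P unreachable, length N
#   IP A > B: ICMP H unreachable - need to frag (mtu M), length N
# H is the destination of the packet quoted inside the ICMP error.
ICMP_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > \d+(?:\.\d+){3}: ICMP (?P<host>\S+) "
    r"(?:(?P<proto>tcp|udp) port (?P<port>\S+) unreachable"
    r"|unreachable - need to frag \(mtu (?P<mtu>\d+)\))"
)


def icmp_errors_for_client(capture_text, client_ip):
    """List (kind, detail, reporter) for ICMP errors about packets sent to client_ip.

    The outer destination is not checked, because it depends on the
    forwarding method used between director and real server.
    """
    found = []
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if not m or m.group("host") != client_ip:
            continue
        if m.group("mtu"):
            found.append(("frag-needed", int(m.group("mtu")), m.group("src")))
        else:
            detail = m.group("proto") + "/" + m.group("port")
            found.append(("port-unreachable", detail, m.group("src")))
    return found


# Constructed capture as it might look on the real server (documentation
# address ranges; 198.51.100.7 plays the test client with the REJECT rule).
SAMPLE_CAPTURE = """\
00:18:30.100001 IP 198.51.100.7.40112 > 192.0.2.10.80: Flags [S], seq 1, win 14600, length 0
00:18:30.100200 IP 192.0.2.10.80 > 198.51.100.7.40112: Flags [S.], seq 9, ack 2, win 14480, length 0
00:18:30.101050 IP 198.51.100.7 > 192.0.2.10: ICMP 198.51.100.7 tcp port 40112 unreachable, length 68
00:18:31.200000 IP 198.51.100.1 > 192.0.2.10: ICMP 198.51.100.7 unreachable - need to frag (mtu 1400), length 556
00:18:32.000000 IP 203.0.113.9 > 192.0.2.10: ICMP 203.0.113.9 tcp port 5555 unreachable, length 68
"""

if __name__ == "__main__":
    for event in icmp_errors_for_client(SAMPLE_CAPTURE, "198.51.100.7"):
        print(event)
```

An empty result for the test client means no ICMP error about its connection reached the box where the capture was taken.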