Hi Dmitriy,

On Wed, Jul 20, 2011 at 12:13:52AM +0400, Dmitriy Samsonov wrote:
> Hi!
> I've got stable 70-80k session rate at last:)


> I've tried everything, upgraded haproxy to 1.4.15, tried "bind :80
> defer-accept", event wrote a script to try all possible combinations
> for cpu_affinity for IRQs/haproxy(it's important note). I've also
> removed bond0. Nothing helped.


> After that, following advice by Hank A. Paulson, I've rebooted server
> and disabled hyperthreading (logical processors as Dell calls it), and
> then without any other tuning I've got 40-50k session rate. After
> binding irq/haproxy to first and second cores I saw 70-80k. So it was
> just slow linear processing power of Xeon CPU.

If you were running with hyperthreading, then it's very likely that the
working cores were polluted by other activity on their siblings. In our
appliances we manage to reach high perf even with HT left enabled, just
because we are very careful to bind only the first thread of each real
core. Older CPUs were very slow when HT was enabled, but recent ones are
doing an impressive job (you can tell it's impressive by the fact that I
stopped blackmouthing this technology, and it takes a lot :-)).

> So it is impossible to
> get this 2xHexacore Xeon @2.66 run haproxy faster then my desktop
> (which is simple core i5 - it showed 85k session rate without any
> tuning at all).

I'm realizing another thing : if it's 2 sockets, it's possible that
core 0 is one of them and core 1 the other one. You should really
ensure that all the low-latency processing is performed by the same
physical CPU in order to avoid inter-CPU communications. /proc/cpuinfo
will tell you what core is where. And to make it simple : use two real
cores of the same physical CPU sharing the same L2 cache (if possible)
or L3. That way you have the most processing power with limited cache

> Tommorow I'm going to try running to two haproxy processes and
> distributing irqs on second core. Also I'm going to try to remove MSI
> support when loading bnx2. I have almost no hope to see 100k here, but
> I'm just curios:)

At least now you know that in case of a DDoS, you can just put your
desktop machine in front of your expensive servers to protect them :-)


Reply via email to