Hi Dmitriy, On Wed, Jul 20, 2011 at 12:13:52AM +0400, Dmitriy Samsonov wrote: > Hi! > > I've got stable 70-80k session rate at last:)
Nice! > I've tried everything, upgraded haproxy to 1.4.15, tried "bind :80 > defer-accept", event wrote a script to try all possible combinations > for cpu_affinity for IRQs/haproxy(it's important note). I've also > removed bond0. Nothing helped. OK. > After that, following advice by Hank A. Paulson, I've rebooted server > and disabled hyperthreading (logical processors as Dell calls it), and > then without any other tuning I've got 40-50k session rate. After > binding irq/haproxy to first and second cores I saw 70-80k. So it was > just slow linear processing power of Xeon CPU. If you were running with hyperthreading, then it's very likely that the working cores were polluted by other activity on their siblings. In our appliances we manage to reach high perf even with HT left enabled, just because we are very careful to bind only the first thread of each real core. Older CPUs were very slow when HT was enabled, but recent ones are doing an impressive job (you can tell it's impressive by the fact that I stopped blackmouthing this technology, and it takes a lot :-)). > So it is impossible to > get this 2xHexacore Xeon @2.66 run haproxy faster then my desktop > (which is simple core i5 - it showed 85k session rate without any > tuning at all). I'm realizing another thing : if it's 2 sockets, it's possible that core 0 is one of them and core 1 the other one. You should really ensure that all the low-latency processing is performed by the same physical CPU in order to avoid inter-CPU communications. /proc/cpuinfo will tell you what core is where. And to make it simple : use two real cores of the same physical CPU sharing the same L2 cache (if possible) or L3. That way you have the most processing power with limited cache misses. > Tommorow I'm going to try running to two haproxy processes and > distributing irqs on second core. Also I'm going to try to remove MSI > support when loading bnx2. I have almost no hope to see 100k here, but > I'm just curios:) At least now you know that in case of a DDoS, you can just put your desktop machine in front of your expensive servers to protect them :-) Regards, Willy
