Re: [Unbound-users] High number of system context switches

[Jan-Frode Myklebust]

I just got a question off-list if I could share my configuration,
by someone that was only able to get 15Kqps measured by query-perf,
on an 8 core, 8GB physical server, with libevent2. I prefer answering
on-list, in hope that others might chime :-)

I don't think there's anything special about our configuration:

HW:
An IBM HS22 blade, with two quad-core Intel E5620 (2.40GHz), with HT
enabled, and 18GB memory.

Software is RHEL6-latest, with unbound from EPEL
(unbound-1.4.22-1.el6.x86_64, libevent-1.4.13-4.el6.x86_64). Only system
tuning is increasing net.nf_conntrack_max to 524288, and
net.netfilter.nf_conntrack_udp_timeout to 10.

Full unbound.conf attached.

My 30Kqps number is from real usage, not benchmark.  So we might maybe
be hitting cached entries more often than a synthetic benchmark. 



  -jf

server:
        verbosity: 1
        statistics-interval: 60
        statistics-cumulative: yes
        extended-statistics: yes
        num-threads: 8
        interface: 0.0.0.0
        interface: ::0
        interface-automatic: yes
        outgoing-range: 4096
        outgoing-port-permit: 32768-65535
        outgoing-port-avoid: 0-32767
        max-udp-size: 3072
        msg-cache-size: 4G
        num-queries-per-thread: 4096
        rrset-cache-size: 8G
        cache-min-ttl: 2
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        access-control: 0.0.0.0/0 allow
        access-control: ::0/0 allow
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        log-time-ascii: yes
        pidfile: "/var/run/unbound/unbound.pid"
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        use-caps-for-id: no
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: no
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.anchor"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 2
        include: /etc/unbound/local.d/*.conf
remote-control:
        control-enable: yes
        control-interface: 127.0.0.1
        control-interface: ::1
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf

_______________________________________________
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users