各位看官非常对不起,本文是用因为写的,如果多有不便敬请见谅
代码是在商业公司编写的,在商业产品中也不能开源,再次抱歉
 
This presentation will highlight our efforts on optimizing the
Linux TCP/IP stack for providing networking in an
OpenStack environment, as deployed at our industrial customers.
 
 
Our primary goal is to provide a high-quality and highly performant TCP/IP stack.
To achieve this, we have to identify the performance bottlenecks in
the Linux TCP/IP stack for networking in OpenStack. We have performed a lot of
Linux TCP/IP stack performance tuning, related to NIC, CPU cache hit rate, spin lock,
memory alloc and others. However, we learned while measuring that conntrack NAT
uses too much CPU such for instance for the ipt_do_table function.
Linux conntrack is very good, but it is too heavy and many functions are not used.
Instead, we implemented FAST NAT in the Linux TCP/IP stack.
 
 
We will present our efforts on reducing the performance costs.
First, FAST NAT uses spin lock instead of global connection table but the entry to greatly reduces the CPU waiting time,
and user policies is instead stored as a hash table not a list. The connection table and user
policy is per-NUMA, this would avoid CPU through QPI waste much time and increase delay.
Second, FAST NAT does not record the TCP status,
but only record a tuple with relevant connection formation for NAT forward.
This can reduce much check for forwarding packet.
Entry in the connection table can be set to expire on
an absolute expiration time or relative expiration time basis.
Relative expiration time will incresae by per forwarding packet.
Global connection table don't synchronize for reducing lock's using. This may casue one TCP stream in
per-NUMA connection table. If we use Intel Ixgbe NIC with Flow Director ATR mode, the incoming
stream and outcoming stream will have same index for multiple queues. The mentioned limit above
will disappear.
 
Limitations of FAST NAT only TCP and UDP are supported.
Although some limitations exist, our work has paid off and resulted in 15-20 percentage pps improvement.

Linux内核协议栈 NAT性能优化之FAST NAT的更多相关文章

  1. (转)linux内核参数注释与优化

    linux内核参数注释与优化 原文:http://blog.51cto.com/yangrong/1321594 http://oldboy.blog.51.cto.com/2561410/13364 ...

  2. 写在学习linux内核协议栈之前

    一直很喜欢内核,但是新手,非常的痛苦啊.现在看一本linux内核协议栈源码解析一书,将自己学习的经历以及 理解记录下来,以备将来回头查漏补缺,同时校正自己的理解错误,自勉

  3. TCP/IP协议栈源码图解分析系列10:linux内核协议栈中对于socket相关API的实现

    题记:本系列文章的目的是抛开书本从Linux内核源代码的角度详细分析TCP/IP协议栈内核相关技术 轻松搞定TCP/IP协议栈,原创文章欢迎交流, byhankswang@gmail.com linu ...

  4. linux内核参数注释与优化

    目录 1.linux内核参数注释 2.两种修改内核参数方法 3.内核优化参数生产配置 参数解释由网络上收集整理,常用优化参数对比了网上多个实际应用进行表格化整理,使查看更直观. 学习linux也有不少 ...

  5. redmine在linux上的mysql性能优化方法与问题排查方案

    iredmine的linux服务器mysql性能优化方法与问题排查方案     问题定位:   客户端工具: 1. 浏览器inspect-tool的network timing工具分析   2. 浏览 ...

  6. 《嵌入式Linux内存使用与性能优化》笔记

    这本书有两个关切点:系统内存(用户层)和性能优化. 这本书和Brendan Gregg的<Systems Performance>相比,无论是技术层次还是更高的理论都有较大差距.但是这不影 ...

  7. Linux 内核协议栈之TCP连接关闭

    Close行为: 当应用程序在调用close()函数关闭TCP连接时,Linux内核的默认行为是将套接口发送队列里的原有数据(比如之前残留的数据)以及新加入 的数据(比如函数close()产生的FIN ...

  8. Linux 内核协议栈 学习资料

    终极资料 1.<Understanding Linux Network Internals> 2.<TCP/IP Architecture, Design and Implement ...

  9. Linux内核协议栈相关资料链接

    1.Linux内核网络分析(个人博客集合,分析较清晰) http://blog.csdn.net/qy532846454/article/category/1385933/2

随机推荐

  1. PortMon(电脑开放端口检查工具) 3.03 免费绿色版

    软件名称: PortMon(电脑开放端口检查工具) 3.03 免费绿色版 软件语言: 英文 授权方式: 免费软件 运行环境: Win7 / Vista / Win2003 / WinXP / Win2 ...

  2. Maven手动增加依赖jar到本地Maven仓库中

    Apache Maven是一个项目管理及自动构建工具,有APache软件基金会提供.我们只要配置成功后就可以通过配置pom.xml添加所需依赖的jar包和类库,因为这些类库已经在我们配置的Maven仓 ...

  3. util:properties与context:property-placeholder

    spring 使用注解装配的Bean如何使用property-placeholder属性配置中的值 这个问题不大不小,以前偷懒凡是碰到需要引用属性文件中的类时就改用xml来配置. 今天看了下sprin ...

  4. android源码查看所有分支切换分支

    cd .repo/manifests git branch -a repo init -b android-4.1.2_r1 repo sync

  5. zoj 1718 poj 2031 Building a Space Station

    最小生成树,用了Kruskal算法.POJ上C++能过,G++不能过... 算出每两个圆心之间的距离,如果距离小于两半径之和,那么这两个圆心之间的距离直接等于0,否则等于距离-R[i]-R[j]. # ...

  6. kali自动化清理缓存和日志

    前几天发现kali无法正常开机,启动盘启动进去之后, 发现/var/log/目录下的日志文件太大把硬盘占满了,于是乎... 文件主要是这三个: kern.log :   包含内核产生的日志,有助于在定 ...

  7. z-index研究

    文章来源: http://www.neoease.com/css-z-index-property-and-layering-tree/ 总结: 1.z-index只有在设置position:rela ...

  8. 《JS权威指南学习总结--第五章语句》

    内容要点: 一.throw语句     所谓异常是当发生了某种异常情况或错误时产生的一个信号.     抛出异常就是用信号通知发生了错误或异常状况.     捕获异常时指处理这个信号,即采取必要的手段 ...

  9. PostgreSQL ----- No relations found.

    本篇文章可能有错,尚未细细研究 运行\d出错: No relations found. \d只显示可见的表,也就是该数据库的schema在search_path中. SHOW search_path; ...

  10. ssh原理[转]

    SSH是每一台Linux电脑的标准配置. 随着Linux设备从电脑逐渐扩展到手机.外设和家用电器,SSH的使用范围也越来越广.不仅程序员离不开它,很多普通用户也每天使用. SSH具备多种功能,可以用于 ...