Skip to main content

The server, me and the conversation

We were moving a project from AWS to our co-located DC. We have setup KVMs scheduled by Cloudstack for each of the component in the architecture. The KVMs used local storage. The VMs are provisioned with more than required resources because we have the opinion that in our DC scaling during peak load and then downscaling doesn't offer much benefits financially as we are anyways paying for the hardware in advance and its also powered on. Its going to be idle if not used. Now we found something interesting our latency in co-located DC was 2 times more than in AWS. The time for first byte at our load balancer in aws was 60ms average and at our DC was 112ms. We started our debugging mission, Mission Conquer-AWS. All the servers are newer Dell hardwares. So the initially intuition was virtualisation is causing the issue.

Conversation with the Hypervisor

We started with CPU optimisation, we started using the host-passthrough mode of CPU in libvirt so VMs dont see QEMU emulated CPUs, they see the actual CPU so they understand the flags supported by the underlying hardware and can use instruction set accordingly. We did VCPU pinning so that latency due to NUMA is ruled out (we know this should cause nano second latency not in millisecond). We stopped Kernel shared pages completely so that CPU time is not spent in finding identical pages and use Copy on Write if shared pages are written to. We also disabled transparent huge pages to avoid CPU time being spent on defragmenting memory for allocating huge pages. We didn't see any of the above optimisations yield noticeable impact in latency.

During the debugging we noted libvirt is configured to use ide for disks and e1000 for network calls. We understood KVM is running full virtualisation with HVM instead of Paravirtualised HVM. This causes KVM to do VMEXIT on an interrupt, handle it and do VMRUN. We restarted all vms with Virtio driver so the PV mode is on. On an interrupt guest via PV driver will talk to emulated QEMU device and do the IO. This reduced our latency to 100ms

We are out of optimisations at hypervisor level and we are still 40ms behind AWS. There are still options available but all of them will improve in nano second which is not going to help us when we are over-provisioned(here over provisioned means provisioned beyond requirement, not to be confused with CPU overprovisioning terminology in VM world)

The next obvious choice was to test at baremetal directly and see how much it is giving raw performance. The baremetal gave pretty much same latency. This was something a shocker to us as unless AWS has a magic sauce of their own, beating baremetal with a virtualisation technology with such a huge margin is unimaginable. We removed hypervisor from the possible suspect list.

Conversation with the server

We saw the ping latency to VM was sometimes higher than the ping latency to bare metal directly. This took us to the following 
response by Greg
The IO thread of KVM may be scheduled at a processor in C6 state and the latency may be due to wake up latency of the processor to C0 state. So we made IOthread busy with iperf and tried ping, the responsiveness of ping increased and we saw an improvement of 0.2 ms in ping response. We decided to fix the C state to 0 at the grub so that CPU always runs hot. This needed reboot of the whole infra as host machines had to be restarted with desired max C state. During this literature survey we also hit at P state. C state controls the sleep cycle of processors for power efficiency. P states control the frequency of the processors for power efficiency. Intel supports two scaling governors perfomance and powersave. Powersave uses P states which are biased toward powersaving efficiency than performance and this is the default P state in Linux. /proc/cpuinfo showed the CPUs running at 1.2GHz which is 50% of their 2.4GHz. So the instruction cycle runs double the time than it can run when hot. We switched the governor to performance mode. (
Performance mode selects P states and set frequency accordingly where performance is biased over power efficiency. The performance improved and the latency came down to 60ms.
In the hindsight this looks like the first thing to be checked. 

Overall the mission is accomplished and we have started migrating traffic from AWS. Lesson Learnt - Look at the /proc/cpuinfo cpu MHz before getting into further optimisation


Popular posts from this blog

How we have systematically improved the roads our packets travel to help data imports and exports flourish

This blog post is an account of how we have toiled over the years to improve the throughput of our interDC tunnels. I joined this company around 2012. We were scaling aggressively then. We quickly expanded to 4 DCs with a mixture of AWS and colocation. Our primary DC is connected to all these new DCs via IPSEC tunnels established from SRX. The SRX model we had, had an IPSEC throughput of 350Mbps. Around December 2015 we saturated the SRX. Buying SRX was an option on the table. Buying one with 2Gbps throughput would have cut the story short. The tech team didn't see it happening. I don't have an answer to the question, "Is it worth spending time in solving a problem if a solution is already available out of box?" This project helped us in improving our critical thinking and in experiencing the theoretical network fundamentals on live traffic, but also caused us quite a bit of fatigue due to management overhead. Cutting short the philosophy, lets jump to the story.

LXC and Host Crashes

 We had set up a bunch of lxc containers on two servers each with 16 core CPUs and 64 GB RAM(for reliability and loadbalancing). Both the servers are on same vlan. The servers need to have atleast one of their network interface in promiscuous mode so that it forwards all packets on vlan to the bridge( ) which takes care of the routing to containers. If the packets are not addressed to the containers, the bridge drops the packet. Having this setup, we moved all our platform maintenance services to these containers. They are fault tolerant as we used two host machines where each host machine has a replica of the containers on the other. The probability to crash for both the servers at the same time due to some hardware/software failure is less. But to my surprise both the servers are crashing exactly the same time with a mean life time 20 days. We had to wake up late nights(early mornings) to fix stuffs that gone down The

The FB outage

 This outage has caused considerable noise everywhere. It was quite discomforting for me because during the whole conversation nobody bothered to understand the gravity of the issue. I don't expect end users to understand the issue. But this is going to be a blogpost for all of those in the tech field, Such an event can happen how much ever chaos engineering, best of the tech jargon we implement in the stack To all my Site Reliability Engineer friends, Site Up is our first priority. I myself said many a times outage is news and SREs should prevent outage. But I'm afraid this is leading to a cult in the industry who despises outages and takes no learnings from it. I don't know what has happened in Facebook. I can explain a scenario which may or may not be right but that can definitely show the gravity of the issue. Let's draw a probable Facebook architecture Disclaimer I don't work at Facebook. So this might not be how facebook routes traffic. This is based on my exp