Previous articles on CentOS 7 covered:
- Part 1: Linux containers
- Part 2: Identity Management
- Part 3: NFS, FedFS, pNFS
- Part 4: Mitigating TCP SYN Flood DDoS Attacks

In this article we will talk about network improvements in CentOS 7:
- network performance optimization;
- low latency socket support;
- high-precision time synchronization;
- security enhancements.

At the end of the article there are links to free testing of CentOS 7 in the InfoboxCloud cloud and on a VPS from Infobox.
Network bandwidth usage continues to grow. The network can become a potential application bottleneck. CentOS 7 adds support for 40 Gbps networks, which allows faster data exchange between systems and applications. The Team Driver mechanism has been added to CentOS 7, which allows virtually combining a set of network devices (ports) into a single logical interface. This is useful for maximum throughput and network resiliency.
To simplify network management, NetworkManager in CentOS 7 received a significant update that corrects a number of drawbacks associated with configuring network interfaces and services. A new command-line network management utility (nmcli) has been added for easy network setup and management. System administrators will need this tool for managing servers from the command line, for remote server management and for scripting.
Network performance optimization
Introduced approximately 40 years ago, TCP was designed to provide reliable communication between hosts. Despite large-scale network changes during this time, we still use TCP.
CentOS 7 introduced TCP performance optimizations that reduce latency and decrease application response times:
- TCP Fast Open is an experimental TCP extension designed to reduce the overhead of establishing a TCP connection. The extension speeds up HTTP connections by cutting handshake overhead and can improve page load speed by 4% to 41%.
- TCP Tail Loss Probe (TLP) is an experimental algorithm that improves the efficiency of the network stack when packets are lost at the end of a TCP connection. For short transactions, TLP should reduce transmission timeouts by 15% and for short HTTP responses by 6%.
- TCP Early Retransmit allows you to use fast retransmissions to recover losses in network segments. In other words, with packet loss, connections are restored faster, which improves overall delays.
- TCP Proportional Rate Reduction (PRR) is an experimental algorithm designed to adapt the transmission rate to the bandwidth possible for the receiver or routers in the network to prevent congestion. The algorithm is designed to return to the maximum transfer rate faster and can reduce the HTTP response time by 3-10%.
Low latency sockets
Although the Linux network stack is considered one of the fastest and most reliable, some applications require ultra-low latency. Reducing the delay by one millisecond can generate $100 million a year for a large brokerage firm. Many use non-standard approaches that bypass the network stack in user space.
Low latency sockets are a software implementation in the kernel designed to reduce network latency and jitter. The feature lets an application poll for new packets directly from the device driver, giving packets a fast path through the network stack. With this change the driver checks the interface for new packets and passes them on without causing a lock.
The technology allows applications sensitive to unpredictable delays to use the busy-wait polling method instead of using interrupts for incoming packets.
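The TCP optimizations and busy polling described above are controlled by kernel tunables, so a host's actual state can be checked rather than assumed. The script below is an added example, not part of the original article; the function names are hypothetical, and the `tcp_early_retrans` value meanings are those of the 3.10 kernel line that CentOS 7 ships (later kernels differ).

```shell
#!/bin/sh
# Added example: report the kernel tunables behind TCP Fast Open, Early
# Retransmit/TLP and busy polling. The sysctl root is a parameter (assumption:
# /proc/sys on a live host, or a copy of it taken for offline review).

read_tunable() {                      # $1 = root, $2 = path below it
    if [ -r "$1/$2" ]; then tr -d ' \t\n' < "$1/$2"; else printf absent; fi
}

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

audit_net_tunables() {
    root=${1:-/proc/sys}

    # tcp_fastopen is a bitmask: bit 0 = client side, bit 1 = server side.
    tfo=$(read_tunable "$root" net/ipv4/tcp_fastopen)
    if is_number "$tfo"; then
        mode=off
        if [ $(( tfo & 3 )) -eq 3 ]; then mode=client+server
        elif [ $(( tfo & 1 )) -ne 0 ]; then mode=client
        elif [ $(( tfo & 2 )) -ne 0 ]; then mode=server
        fi
        echo "tcp_fastopen=$mode"
    else
        echo "tcp_fastopen=unknown"
    fi

    # tcp_early_retrans on the 3.10 kernel line: 0 off, 1-2 ER, 3 ER+TLP, 4 TLP.
    er=$(read_tunable "$root" net/ipv4/tcp_early_retrans)
    case $er in
        0)   echo "early_retrans=off tlp=off" ;;
        1|2) echo "early_retrans=on tlp=off" ;;
        3)   echo "early_retrans=on tlp=on" ;;
        4)   echo "early_retrans=off tlp=on" ;;
        *)   echo "early_retrans=unknown tlp=unknown" ;;
    esac

    # busy_read / busy_poll: microseconds to busy-wait; 0 means interrupts only.
    for knob in busy_read busy_poll; do
        us=$(read_tunable "$root" "net/core/$knob")
        if is_number "$us" && [ "$us" -gt 0 ]; then echo "$knob=on(${us}us)"
        elif is_number "$us"; then echo "$knob=off"
        else echo "$knob=unknown"
        fi
    done
}

audit_net_tunables "${1:-/proc/sys}"
```

Busy polling trades CPU time for latency, so a non-zero `busy_read` or `busy_poll` on a host that does not run latency-sensitive workloads is worth questioning.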
High-precision time synchronization
Accurate time synchronization in microseconds and nanoseconds is very important for critical applications with high demands on performance and latency, such as when trading on exchanges. CentOS 7 has a new implementation of the NTP protocol - Chrony, which allows you to synchronize time faster and more accurately than ntpd. Chrony also works better in virtual machines or on computers with energy-saving technologies, while keeping time accurate.
In addition to the NTP enhancements, CentOS 7 introduced support for the IEEE 1588 version 2 Precision Time Protocol (PTP) standard. PTP provides sub-millisecond accuracy.
Security
Iptables was developed at a time when networks were simple and bandwidths were measured in megabits. New technologies (distributed NAT, overlay networks and containers) require enhanced functionality and flexibility. A new dynamic FirewallD service has been added to CentOS 7. The service provides greater flexibility compared to iptables, for example, it supports various network trust zones. With FirewallD, you can apply rules without restarting the service, without losing current connections.
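The zone model and the restart-free rule changes look like this in practice. This is an added example, not part of the original article; `allow_service` and the `FIREWALL_CMD` override are hypothetical names introduced here, while the `firewall-cmd` options used are the tool's own.

```shell
#!/bin/sh
# Added example: open a service in one firewalld zone, first at runtime
# (takes effect immediately, established connections are untouched), then
# in the permanent configuration so it survives a reload or reboot.
# FIREWALL_CMD is an assumption of this sketch so the logic can be dry-run.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

allow_service() {                       # $1 = zone, $2 = service name
    zone=$1 service=$2

    # Fail early with a clear message if the zone does not exist.
    case " $("$FIREWALL_CMD" --get-zones) " in
        *" $zone "*) ;;
        *) echo "unknown zone: $zone" >&2; return 2 ;;
    esac

    # Runtime change: no --permanent, so no service restart is needed.
    if ! "$FIREWALL_CMD" --zone="$zone" --query-service="$service" >/dev/null; then
        "$FIREWALL_CMD" --zone="$zone" --add-service="$service" >/dev/null || return 1
    fi

    # Permanent change: written to the zone configuration for the next reload.
    if ! "$FIREWALL_CMD" --permanent --zone="$zone" --query-service="$service" >/dev/null; then
        "$FIREWALL_CMD" --permanent --zone="$zone" --add-service="$service" >/dev/null || return 1
    fi
    echo "$service allowed in zone $zone (runtime + permanent)"
}

# Usage: script.sh <zone> <service>, for example: script.sh public https
if [ "$#" -eq 2 ]; then allow_service "$1" "$2"; fi
```

Querying before adding keeps the function idempotent, and scoping the rule to a named zone keeps the service closed on interfaces bound to less trusted zones.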
Sources used in the preparation of the article:
- Red Hat official blog
- Red Hat Knowledge Base
- CentOS Official Blog

Try CentOS 7 in the cloud
Especially for our readers, we have made it possible to try CentOS 7 in the InfoboxCloud cloud. Register for the trial version of the cloud at this link. You can try the classic VPS with CentOS 7 for free, using the freevps promo code on the Infobox website. If you need more resources for testing, write to us.
If you cannot ask questions on Habr, you can ask them in the comments to the article in the InfoboxCloud Community.
Enjoy using CentOS 7!