[dnsdist] Tweaking kernel paramaters for heavy loaded site with dnsdist

[Remi Gacogne]

Hi Aleš,

On 02/20/2017 02:31 PM, Aleš Rygl wrote:
> I would like to ask you for recommendations regarding network performance 
> optimization for a server running Linux with dnsdist. I am still experincing 
> RcvbufErrors even if my setting for receive/send buffers is far from default:

OK, you have set net.core.rmem_max to a large value but
net.core.rmem_default is still low, you might want to increase that a
bit, for example to 16777216.

> I am receiwing about 20-25 kqps of UDP traffic.

That's quite low, can you tell us more about your dnsdist configuration,
kernel version, hardware specs and the kind or rules you are using?

On dnsdist's side, the first things you'll need to check are:
- setMaxUDPOutstanding() is set to a large enough value, I'd recommend 65535
- if you reach 100% of one core, you probably want to use reuseport and
multiple addLocal(xxx, true, true) to use several cores
- you can add the same backend several times with newServer(), so that
the responses are handled by more threads
- if you use Lua a lot, you might also want to consider using LuaJIT
instead of Lua

> Is there something else I can do apart from buying better hw?

That's probably the first question I should have asked, but have you
explicitly disabled any kind of connection state tracking? Otherwise you
can be sure the conntrack will be the bottleneck.

If you have a quite old kernel, consider upgrading. That's especially
true if you are using IPv6 (3.x were doing a very bad job there) but
even for IPv4 there has been a lot of improvements in the processing of
UDP datagrams.

Best regards,

-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20170220/236fb4ee/attachment.sig>