On Tue, 2012-03-20 at 10:56 -0600, Alex Rousskov wrote:
> On 03/20/2012 06:14 AM, Alexander Komyagin wrote:
> >>>> By comparing oprofile results for 3.2 with and w/o RSBAC-Net, I can
> >>>> assume that RSBAC-Net subsystem performs some internal operations on
> >>>> list structures, which are indeed protected by locks - and this, in my
> >>>> point of view, may block simultaneous squid socket operations and affect
> >>>> performance.
>
> >> > Possible. We would not know.
>
> There are no simultaneous squid socket operations in no-daemon mode.
>
>
> > From RSBAC logs squid 3.2 produces much more operations on NETLINK RAW
> > ROUTE sockets than 3.1. Maybe performance differs due to some changes in
> > the Squid interception mechanism in 3.2?
>
> FWIW, I think it would be rather valuable for Squid and possibly RSBAC
> folks to figure this one out:
>
> 1) If Squid v3.2 in no-daemon mode is slower than v3.1, then we may want
> to change something in v3.2. In no-daemon mode, there are no shared
> accepting sockets so we cannot use them as an excuse for slowing things
> down. I recommend switching to forward proxying mode to eliminate or
> confirm interception as a suspect first.
>
> 2) If #1 is resolved but Squid v3.2 is still slower than v3.1 when
> multiple workers are used, then RSBAC folks may need to fix their stuff.
> I would not recommend working on this until #1 is resolved though.
>
>
> HTH,
>
> Alex.
It seems I finally figured out where the problem is. Squid 3.2.0.16
performs host verification for each request. And this verification
produces the call to libc getaddrinfo() function (converting IP address
from text to numeric in my case), but uClibc implementation of this
functions looks like not aware of AF_HOSTNUMERIC hint flag, thus
performing full lookup (I haven't checked details yet). With RSBAC-Net
turned on it's too much overhead. (Actually there are two calls for such
conversion per request - one more is in url.cc:urlParseFinish()
function)
After adding a special hack for numeric IP address conversion requests
in Squid (avoiding call to real getaddrinfo() in that case), the
performance problem has gone (workers work fine too!).
Thank you for assistance guys. I think next week I'll write to uClibc
developers in order to unveil that issue with getaddrinfo().
-- Best wishes, Alexander KomyaginReceived on Fri Mar 23 2012 - 15:51:15 MDT
This archive was generated by hypermail 2.2.0 : Sat Mar 24 2012 - 12:00:12 MDT