Maintained by: NLnet Labs

[Unbound-users] High number of system context switches

Jan-Frode Myklebust
Fri Nov 14 12:13:57 CET 2014


I just got a question off-list if I could share my configuration,
by someone that was only able to get 15Kqps measured by query-perf,
on an 8 core, 8GB physical server, with libevent2. I prefer answering
on-list, in hope that others might chime :-)

I don't think there's anything special about our configuration:

HW:
An IBM HS22 blade, with two quad-core Intel E5620 (2.40GHz), with HT
enabled, and 18GB memory.

Software is RHEL6-latest, with unbound from EPEL
(unbound-1.4.22-1.el6.x86_64, libevent-1.4.13-4.el6.x86_64). Only system
tuning is increasing net.nf_conntrack_max to 524288, and
net.netfilter.nf_conntrack_udp_timeout to 10.

Full unbound.conf attached.

My 30Kqps number is from real usage, not benchmark.  So we might maybe
be hitting cached entries more often than a synthetic benchmark. 



  -jf
-------------- next part --------------
server:
	verbosity: 1
	statistics-interval: 60
	statistics-cumulative: yes
	extended-statistics: yes
	num-threads: 8
	interface: 0.0.0.0
	interface: ::0
	interface-automatic: yes
	outgoing-range: 4096
	outgoing-port-permit: 32768-65535
	outgoing-port-avoid: 0-32767
	max-udp-size: 3072
	msg-cache-size: 4G
	num-queries-per-thread: 4096
	rrset-cache-size: 8G
	cache-min-ttl: 2
	do-ip4: yes
	do-ip6: yes
	do-udp: yes
	do-tcp: yes
	access-control: 0.0.0.0/0 allow
	access-control: ::0/0 allow
	chroot: ""
	username: "unbound"
	directory: "/etc/unbound"
	log-time-ascii: yes
	pidfile: "/var/run/unbound/unbound.pid"
	harden-glue: yes
	harden-dnssec-stripped: yes
	harden-below-nxdomain: yes
	harden-referral-path: yes
	use-caps-for-id: no
	unwanted-reply-threshold: 10000000
	prefetch: yes
	prefetch-key: yes
	rrset-roundrobin: yes
	minimal-responses: no
	trusted-keys-file: /etc/unbound/keys.d/*.key
	auto-trust-anchor-file: "/var/lib/unbound/root.anchor"
	val-clean-additional: yes
	val-permissive-mode: no
	val-log-level: 2
	include: /etc/unbound/local.d/*.conf
remote-control:
	control-enable: yes
	control-interface: 127.0.0.1
	control-interface: ::1
	server-key-file: "/etc/unbound/unbound_server.key"
	server-cert-file: "/etc/unbound/unbound_server.pem"
	control-key-file: "/etc/unbound/unbound_control.key"
	control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf