![]() These come with a X722 network card - it has two SFP+ ports, and supports virtual function / SR-IOV. We have quite a few hypervisors based on Intel S2600BPS blade servers. What if we somehow could remove one of the bottlenecks altogether, and make the other one significantly wider? What we got to work with You can increase the amount of queues, but your hypervisor is spending a lot of resources dealing with the network virtualization - it is clearly struggling. ![]() You can increase their size, but you may only move the bottleneck Your virtio-interrupt queues are saturated. When this happens, packets are being dropped - regardless of who are the recipient of the packet. In the event of high amounts of traffic, application bugs, DDOS, combinations of the above and what have you - the connection tracking tables can go full. This is enforced using classic Linux iptables, which in turn use connection tracking tables. It is also there to prevent a malicious self-service user from spoofing their IP or MAC-address. This is a firewall enforced on the network interface of the virtual instance. In most OpenStack-configurations, you have the concept of «port security». Sometimes this is purely because of high amount of real end-user traffic - and sometimes it’s more malicious A DDOS-attack. A subset of these have higher demands when it comes to latency and reliability than others. All our customers have an online presence.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |