Containers and Microservices make performance worse

Containers and Microservices Puppet Labs Gareth Rushgrove Make everything performance
worse

Gareth Rushgrove @garethr

Gareth Rushgrove

Quiz Time

Gareth Rushgrove Apologies to the following. I love you really.

This Talk

Gareth Rushgrove

make snide and sharply critical comments Gareth Rushgrove snark /sna:k/
noun

Fast in-process communication vs slow and unreliable HTTP Gareth Rushgrove

The performance cost of an overlay network Gareth Rushgrove

What happened to ps and friends? Gareth Rushgrove

Microservices and Performance It will get bad before it gets
good

Monoliths are pretty easy to understand at a high level
Gareth Rushgrove

Gareth Rushgrove Monolith

Even adding in the supporting infrastructure it’s not so bad
Gareth Rushgrove

Gareth Rushgrove Monolith Database Load Balancer Network Network

I can optimise the network, the load balancer, the database,
the application or the client. Easy Gareth Rushgrove

What about Microservices? Well, ﬁrst start with a diagram like
this… Gareth Rushgrove

Microservice Microservice Microservice Microservice Microservice Microservice Microservice Microservice Gareth Rushgrove

Whatever protocol you’re using lets assume you’re communicating over the
network… Gareth Rushgrove

Microservice Microservice Microservice Microservice Microservice Microservice Microservice Microservice Gareth Rushgrove
Network Network Network Network Network Network Network Network

And you probably want more than one instance of each
service… Gareth Rushgrove

Gareth Rushgrove Microservice Load Balancer Network

Gareth Rushgrove Microservice Microservice Microservice Microservice Microservice Microservice Microservice Microservice
Network Network Network Network Network Network Network Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network

And you probably have a few different databases now too…
Gareth Rushgrove

Gareth Rushgrove Microservice Microservice Microservice Microservice Microservice Microservice Microservice Microservice
Network Network Network Network Network Network Network Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network Load Balancer Network Database Network Network Database

In my made-up 8 service architecture we went from 5
things to optimise up to 32 Gareth Rushgrove The Bad

We went from 3 network hops to, er, more depending
on the request Gareth Rushgrove The Bad

We ignored the cost of serialisation/deserialisation (JSON can be expensive)
Gareth Rushgrove The Bad

The operational overhead just jumped considerably Gareth Rushgrove The Bad

Lots more network trafﬁc. Watch out for latency in particular
Gareth Rushgrove The Bad

Without request tracing you’re doomed Gareth Rushgrove The Bad

Granular services are easier to optimise individually Gareth Rushgrove The
Good

Individual services can be scaled independently Gareth Rushgrove The Good

Debugging with Containers Is that process inside or outside a
container?

Problems with free and top Gareth Rushgrove

Gareth Rushgrove $ free total used free shared buffers cached
Mem: 1024444 864140 160304 5024 50008 637736 -/+ buffers/cache: 176396 848048 Swap: 473084 16 473068 $ docker exec test-container free total used free shared buffers cached Mem: 1024444 866440 158004 5024 50000 637732 -/+ buffers/cache: 178708 845736 Swap: 473084 16 473068 Can a container use that memory?

memory stats come from the proc ﬁlesystem: /proc/meminfo, / proc/vmstat,
etc. Gareth Rushgrove

/proc/meminfo and /proc/vmstat are not aware of cgroups Gareth Rushgrove

Problems with ps Gareth Rushgrove

Gareth Rushgrove $ ps aux USER PID %CPU %MEM VSZ
RSS TTY STAT START TIME COMMAND ... 999 1807 0.2 11.4 867624 464572 ? Ssl 09:38 0:21 mysqld Is this process in a container?

Gareth Rushgrove $ ps -eo ucmd,cgroup COMMAND CGROUP ... mysqld
9:perf_event:/docker/61e76d2c39121282474ff895b9b3ba2addd775cdea6d2ba89ce76c28 Which container is that?

Gareth Rushgrove Sysdig

Provides a Kernel module, which hooks into cgroups and namespaces
Gareth Rushgrove

Gareth Rushgrove $ sudo sysdig -c topcontainers_cpu CPU% container.name -----------------------------------------------------------------------
90.13% mysql 15.93% wordpress1 7.27% haproxy 3.46% wordpress2 CPU usage across containers

Gareth Rushgrove $ sudo sysdig -pc -c topprocs_cpu container.name=client CPU%
Process container.name ---------------------------------------------- 02.69% bash client 31.04% curl client 0.74% sleep client CPU usage in a single container

Gareth Rushgrove $ sudo sysdig -pc -c topprocs_net Bytes Process
Host_pid Container_pid container.name --------------------------------------------------------------- 72.06KB haproxy 7385 13 haproxy 56.96KB docker.io 1775 7039 host 44.45KB mysqld 6995 91 mysql 44.45KB mysqld 6995 99 mysql 29.36KB apache2 7893 124 wordpress1 29.36KB apache2 26895 126 wordpress4 29.36KB apache2 26622 131 wordpress2 29.36KB apache2 27935 132 wordpress3 29.36KB apache2 27306 125 wordpress4 22.23KB mysqld 6995 90 mysqlclient Network bandwidth

Gareth Rushgrove $ sudo sysdig -pc -A -c echo_fds "fd.ip=172.17.0.3
and fd.ip=172.17.0.7" ------ Write 103B to [haproxy] [d468ee81543a] 172.17.0.7:37557->172.17.0.3:80 (hapr GET / HTTP/1.1 User-Agent: curl/7.35.0 Host: 172.17.0.7 Accept: */* X-Forwarded-For: 172.17.0.8 ------ Read 103B from [wordpress1] [12b8c6a04031] 172.17.0.7:37557->172.17.0.3:80 ( GET / HTTP/1.1 User-Agent: curl/7.35.0 Host: 172.17.0.7 Accept: */* X-Forwarded-For: 172.17.0.8 ------ Write 346B to [wordpress1] [12b8c6a04031] 172.17.0.7:37557->172.17.0.3:80 (a HTTP/1.1 302 Found Date: Sat, 21 Feb 2015 22:19:18 GMT Trafﬁc between containers

Don’t expect existing debugging tools to work Gareth Rushgrove The
Bad

New tools are emerging. Often with better interfaces Gareth Rushgrove
The Good

Container Overhead Count the performance penalties

Gareth Rushgrove

Containers add very little overhead Gareth Rushgrove The Good

Gareth Rushgrove

Memory cgroups can be expensive Gareth Rushgrove The Bad

By default, the memory subsystem uses 40 bytes of memory
per physical page on x86_64 systems. These resources are consumed even if memory is not used in any hierarchy Gareth Rushgrove https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/sec-memory.html

Container networking is hard. Overlay networks make it easy. But
slow. Gareth Rushgrove The Bad

Gareth Rushgrove http://www.generictestdomain.net/docker/weave/networking/stupidity/2015/04/05/weave-is-kinda-slow/

Gareth Rushgrove https://arjanschaaf.github.io/is-the-network-the-limit/

Gareth Rushgrove The Good

Gareth Rushgrove $ qperf between two EC2 c3.8xlarge with 10Gb/s
tcp_bw: bw = 1.2 GB/sec udp_lat: latency = 48.1 us $ qperf over weave network using ODP/VXLAN tcp_bw: bw = 1.09 GB/sec udp_lat: latency = 61.9 us

Linux containers don’t really contain Gareth Rushgrove The Bad

Gareth Rushgrove

To get strict isolation guarantees you’re going to wrap them
in virtual machines anyway Gareth Rushgrove The Bad

Projects like Clear Linux from Intel are innovating in this
space Gareth Rushgrove The Good

User namespaces (host/container separation) and seccomp (limit syscalls) are coming
to Docker Gareth Rushgrove The Good

Conclusions Snark free zone

Containers and microservices pose new performance challenges Gareth Rushgrove

Most problems aren’t performance problems Gareth Rushgrove

If you’re not already a networking expert start learning now
Gareth Rushgrove

Lots of opportunities for new tooling to improve things Gareth
Rushgrove

Questions? And thanks for listening Gareth Rushgrove

Containers and Microservices make performance worse

Containers and Microservices make performance worse

More Decks by Gareth Rushgrove

Other Decks in Technology

Featured

Transcript