From 6a3fa181d1253db5191139e20231512eebaddeeb Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 18 Feb 2014 22:36:14 -0800 Subject: [PATCH] [master] add "--with-tuning=large" option 3745. [func] "configure --with-tuning=large" adjusts various compiled-in constants and default settings to values suited to large servers with abundant memory. [RT #29538] --- CHANGES | 5 +++++ README | 15 ++++++++++++++- bin/named/interfacemgr.c | 9 ++++++++- bin/named/named.docbook | 3 +++ bin/named/server.c | 21 +++++++++++++++------ config.h.in | 3 +++ configure | 36 ++++++++++++++++++++++++++++++++++++ configure.in | 25 +++++++++++++++++++++++++ lib/dns/client.c | 12 +++++++++--- lib/dns/request.c | 2 +- lib/dns/resolver.c | 2 +- lib/isc/unix/socket.c | 12 ++++++++++++ 12 files changed, 132 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index f062fe064d..a9084d2338 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +3745. [func] "configure --with-tuning=large" adjusts various + compiled-in constants and default settings to + values suited to large servers with abundant + memory. [RT #29538] + 3744. [experimental] SIT: send and process Source Identity Tokens (similar to DNS Cookies by Donald Eastlake 3rd), which are designed to help clients detect off-path diff --git a/README b/README index abfbc58c56..87b2f64dc8 100644 --- a/README +++ b/README @@ -71,6 +71,11 @@ BIND 9.10.0 DNSSEC problems. - Improved EDNS(0) processing for better resolver performance and reliability over slow or lossy connections. + - A new "configure --with-tuning=large" option tunes certain + compiled-in constants and default settings to values better + suited to large servers with abundant memory. This can + improve performance on such servers, but will consume more + memory and may degrade performance on smaller systems. - Substantial improvement in response-policy zone (RPZ) performance. Up to 32 response-policy zones can be configured with minimal performance loss. @@ -119,7 +124,7 @@ BIND 9.10.0 by default. - "named" now preserves the capitalization of names when responding to queries. The former behavior can be restored - for specific clients via the new "no-case-compress" ACL. + for specific clients via the new "no-case-compress" ACL. - new "dnssec-importkey" command allows the use of offline DNSSEC keys with automatic DNSKEY management. - New "named-rrchecker" tool to verify the syntactic @@ -297,6 +302,14 @@ Building To build shared libraries, specify "--with-libtool" on the configure command line. + Certain compiled-in constants and default settings can be + increased to values better suited to large servers with abundant + memory resources (e.g, 64-bit servers with 12G or more of memory) + by specifying "--with-tuning=large" on the configure command + line. This can improve performance on big servers, but will + consume more memory and may degrade performance on smaller + systems. + For the server to support DNSSEC, you need to build it with crypto support. You must have OpenSSL 0.9.5a or newer installed and specify "--with-openssl" on the diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 2dece8e633..150114e50e 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -56,6 +56,12 @@ #endif #endif +#ifdef TUNE_LARGE +#define UDPBUFFERS 32768 +#else +#define UDPBUFFERS 1000 +#endif /* TUNE_LARGE */ + #define IFMGR_MAGIC ISC_MAGIC('I', 'F', 'M', 'G') #define NS_INTERFACEMGR_VALID(t) ISC_MAGIC_VALID(t, IFMGR_MAGIC) @@ -424,7 +430,8 @@ ns_interface_listenudp(ns_interface_t *ifp) { result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &ifp->addr, - 4096, 1000, 32768, 8219, 8237, + 4096, UDPBUFFERS, + 32768, 8219, 8237, attrs, attrmask, &ifp->udpdispatch[disp], disp == 0 diff --git a/bin/named/named.docbook b/bin/named/named.docbook index f35432e853..f70787b142 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -262,6 +262,9 @@ Allow named to use up to #max-socks sockets. + The default value is 4096 on systems built with default + configuration options, and 21000 on systems built with + "configure --with-tuning=large". diff --git a/bin/named/server.c b/bin/named/server.c index 675e200f2c..494df97fff 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -132,6 +132,16 @@ #define SIZE_MAX ((size_t)-1) #endif +#ifdef TUNE_LARGE +#define RESOLVER_NTASKS 523 +#define UDPBUFFERS 32768 +#define EXCLBUFFERS 32768 +#else +#define RESOLVER_NTASKS 31 +#define UDPBUFFERS 1000 +#define EXCLBUFFERS 4096 +#endif /* TUNE_LARGE */ + /*% * Check an operation for failure. Assumes that the function * using it has a 'result' variable and a 'cleanup' label. @@ -960,7 +970,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; - unsigned int maxdispatchbuffers; + unsigned int maxdispatchbuffers = UDPBUFFERS; isc_dscp_t dscp = -1; switch (af) { @@ -1014,7 +1024,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, } if (isc_sockaddr_getport(&sa) == 0) { attrs |= DNS_DISPATCHATTR_EXCLUSIVE; - maxdispatchbuffers = 4096; + maxdispatchbuffers = EXCLBUFFERS; } else { INSIST(obj != NULL); if (is_firstview) { @@ -1023,7 +1033,6 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, "suppresses port randomization and can be " "insecure."); } - maxdispatchbuffers = 1000; } attrmask = 0; @@ -2929,8 +2938,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, dns_view_setresquerystats(view, resquerystats); ndisp = 4 * ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH); - CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31, ndisp, - ns_g_socketmgr, ns_g_timermgr, + CHECK(dns_view_createresolver(view, ns_g_taskmgr, RESOLVER_NTASKS, + ndisp, ns_g_socketmgr, ns_g_timermgr, resopts, ns_g_dispatchmgr, dispatch4, dispatch6)); @@ -6898,7 +6907,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &dispatch->addr, 4096, - 1000, 32768, 16411, 16433, + UDPBUFFERS, 32768, 16411, 16433, attrs, attrmask, &dispatch->dispatch); if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/config.h.in b/config.h.in index c6dd731812..c65d8911bc 100644 --- a/config.h.in +++ b/config.h.in @@ -491,6 +491,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME +/* Define to use large-system tuning. */ +#undef TUNE_LARGE + /* Defined if you need to use ioctl(FIONBIO) instead a fcntl call to make non-blocking. */ #undef USE_FIONBIO_IOCTL diff --git a/configure b/configure index 094c19c02a..aa75e79686 100755 --- a/configure +++ b/configure @@ -1014,6 +1014,7 @@ with_libiconv with_iconv with_idnlib with_atf +with_tuning with_dlopen with_dlz_postgres with_dlz_mysql @@ -1711,6 +1712,7 @@ Optional Packages: --with-iconv=LIBSPEC specify iconv library default -liconv --with-idnlib=ARG specify libidnkit --with-atf=ARG support Automated Test Framework + --with-tuning=ARG Specify server tuning (large or default) --with-dlopen=ARG support dynamically loadable DLZ drivers --with-dlz-postgres=PATH Build with Postgres DLZ driver yes|no|path. (Required to use Postgres with DLZ) @@ -19868,6 +19870,38 @@ fi done +# +# was --with-tuning specified? +# + +# Check whether --with-tuning was given. +if test "${with_tuning+set}" = set; then : + withval=$with_tuning; use_tuning="$withval" +else + use_tuning="no" +fi + + +case "$use_tuning" in + large) + if ! $use_threads; then + as_fn_error $? "Large-system tuning requires threads." "$LINENO" 5 + fi + +$as_echo "#define TUNE_LARGE 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: using large-system tuning" >&5 +$as_echo "using large-system tuning" >&6; } + ;; + no|default) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: using default tuning" >&5 +$as_echo "using default tuning" >&6; } + ;; + yes|*) + as_fn_error $? "You must specify \"large\" or \"default\" for --with-tuning." "$LINENO" 5 + ;; +esac + # # Substitutions # @@ -23552,6 +23586,7 @@ echo "Configuration summary:" echo "------------------------------------------------------------------------" echo "Optional features enabled:" $use_threads && echo " Multiprocessing support (--enable-threads)" +test "$use_tuning" = "large" && echo " Large-system tuning (--with-tuning)" test "$use_geoip" = "no" || echo " GeoIP access control (--with-geoip)" test "$use_gssapi" = "no" || echo " GSS-API (--with-gssapi)" if test "$enable_sit" != "no"; then @@ -23620,6 +23655,7 @@ echo "Features disabled or unavailable on this platform:" $use_threads || echo " Multiprocessing support (--enable-threads)" test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" && \ echo " IPv6 support (--enable-ipv6)" +test "$use_tuning" = "large" || echo " Large-system tuning (--with-tuning)" test "$use_geoip" = "no" && echo " GeoIP access control (--with-geoip)" test "$use_gssapi" = "no" && echo " GSS-API (--with-gssapi)" diff --git a/configure.in b/configure.in index 853d436cbc..4027e40cc5 100644 --- a/configure.in +++ b/configure.in @@ -3739,6 +3739,29 @@ AC_SUBST(UNITTESTS) AC_CHECK_HEADERS(locale.h) AC_CHECK_FUNCS(setlocale) +# +# was --with-tuning specified? +# +AC_ARG_WITH(tuning, + [ --with-tuning=ARG Specify server tuning (large or default)], + use_tuning="$withval", use_tuning="no") + +case "$use_tuning" in + large) + if ! $use_threads; then + AC_MSG_ERROR([Large-system tuning requires threads.]) + fi + AC_DEFINE(TUNE_LARGE, 1, [Define to use large-system tuning.]) + AC_MSG_RESULT(using large-system tuning) + ;; + no|default) + AC_MSG_RESULT(using default tuning) + ;; + yes|*) + AC_MSG_ERROR([You must specify "large" or "default" for --with-tuning.]) + ;; +esac + # # Substitutions # @@ -4289,6 +4312,7 @@ echo "Configuration summary:" echo "------------------------------------------------------------------------" echo "Optional features enabled:" $use_threads && echo " Multiprocessing support (--enable-threads)" +test "$use_tuning" = "large" && echo " Large-system tuning (--with-tuning)" test "$use_geoip" = "no" || echo " GeoIP access control (--with-geoip)" test "$use_gssapi" = "no" || echo " GSS-API (--with-gssapi)" if test "$enable_sit" != "no"; then @@ -4357,6 +4381,7 @@ echo "Features disabled or unavailable on this platform:" $use_threads || echo " Multiprocessing support (--enable-threads)" test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" && \ echo " IPv6 support (--enable-ipv6)" +test "$use_tuning" = "large" || echo " Large-system tuning (--with-tuning)" test "$use_geoip" = "no" && echo " GeoIP access control (--with-geoip)" test "$use_gssapi" = "no" && echo " GSS-API (--with-gssapi)" diff --git a/lib/dns/client.c b/lib/dns/client.c index 867f2c6322..f37f6f36c0 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -68,6 +68,12 @@ #define MAX_RESTARTS 16 +#ifdef TUNE_LARGE +#define RESOLVER_NTASKS 523 +#else +#define RESOLVER_NTASKS 31 +#endif /* TUNE_LARGE */ + /*% * DNS client object */ @@ -509,9 +515,9 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx, } /* Create the default view for class IN */ - result = createview(mctx, dns_rdataclass_in, options, taskmgr, 31, - socketmgr, timermgr, dispatchmgr, - dispatchv4, dispatchv6, &view); + result = createview(mctx, dns_rdataclass_in, options, taskmgr, + RESOLVER_NTASKS, socketmgr, timermgr, + dispatchmgr, dispatchv4, dispatchv6, &view); if (result != ISC_R_SUCCESS) goto cleanup; ISC_LIST_INIT(client->viewlist); diff --git a/lib/dns/request.c b/lib/dns/request.c index d50eaf833d..b21786875c 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -619,7 +619,7 @@ find_udp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, requestmgr->socketmgr, requestmgr->taskmgr, srcaddr, 4096, - 1000, 32768, 16411, 16433, + 32768, 32768, 16411, 16433, attrs, attrmask, dispatchp)); } diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index e0c765d51e..fa188c1287 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1545,7 +1545,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, result = dns_dispatch_getudp(res->dispatchmgr, res->socketmgr, res->taskmgr, &addr, - 4096, 1000, 32768, 16411, + 4096, 20000, 32768, 16411, 16433, attrs, attrmask, &query->dispatch); if (result != ISC_R_SUCCESS) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index b0ef546465..78ff4d7fd2 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -158,7 +158,11 @@ int isc_dscp_check_value = -1; */ #ifndef ISC_SOCKET_MAXSOCKETS #if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) +#ifdef TUNE_LARGE +#define ISC_SOCKET_MAXSOCKETS 21000 +#else #define ISC_SOCKET_MAXSOCKETS 4096 +#endif /* TUNE_LARGE */ #elif defined(USE_SELECT) #define ISC_SOCKET_MAXSOCKETS FD_SETSIZE #endif /* USE_KQUEUE... */ @@ -220,7 +224,11 @@ typedef enum { poll_idle, poll_active, poll_checking } pollstate_t; */ #if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) #ifndef ISC_SOCKET_MAXEVENTS +#ifdef TUNE_LARGE +#define ISC_SOCKET_MAXEVENTS 2048 +#else #define ISC_SOCKET_MAXEVENTS 64 +#endif /* TUNE_LARGE */ #endif #endif @@ -296,7 +304,11 @@ typedef isc_event_t intev_t; /*% * The size to raise the receive buffer to (from BIND 8). */ +#ifdef TUNE_LARGE +#define RCVBUFSIZE (16*1024*1024) +#else #define RCVBUFSIZE (32*1024) +#endif /* TUNE_LARGE */ /*% * The number of times a send operation is repeated if the result is EINTR.