Surprisingly for a few, I was still running 1.2 RC11 and have yesterday upgraded my router to 1.3 RC1 which went smoothly.
I’m using the exact configuration and have done 0 changes to it.
However, while testing, I’ve noticed a big performance regression on 1.3 compared to 1.2.
While doing a Speedtest (speedtest.net) I’m having a lot higher CPU usage on the download phase, resulting in the router not even hitting 1Gbit/s.
As you can see, what I think to be the interrupts for the NIC (ksoftirqd) have a much higher CPU usage on 1.3, resulting on Vyos reaching only around 690Mbit/s download from the internet.
While on 1.2, there is CPU performance to spare and I can do easily 920Mbit/s (essentially maxing out 1Gbit, has a lower result due to overhead).
I’m calling this a performance regression mostly because it’s using the exact configuration from version 1.2 to 1.3 results on a CPU usage increase of almost double.
My router is using a Intel Celeron N3150 with an Intel ET2 quad port NIC.
Well, I just followed the thread and it wasn’t very clear on what was supposed to do since it was a troubleshooting thread with a lot of back and forth.
I’ve done some research, along side with what was mentioned in the thread and I still don’t know if mitigations are actually turned off or not.
Edit /boot/grub/grub.cfg and modified both VyOS 1.3.0-rc1 (KVM console) and VyOS 1.3.0-rc1 (Serial console) to include mitigations=off after the boot=live.
Reboot Vyos and still no improvements in performance.
Check cat /proc/cmdline and I get: BOOT_IMAGE=/boot/1.3.0-rc1/vmlinuz boot=live mitigations=off quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.3.0-rc1 console=ttyS0,9600 console=tty0
Check grep . /sys/devices/system/cpu/vulnerabilities/* and not clear if mitigations are active or not:
Could you give me some light on how to confirm if the mitigations are actually off?
Or are they off and the Specter and Meltdown mitigations are not the reason of the difference in performance vs 1.2?
You can see by the fact that grep . /sys/devices/system/cpu/vulnerabilities/* shows everything now as Vulnerable. Also the fact it’s clear by looking at cmdline it clearly shows the mitigations=off statement.
If that hasn’t fixed it, then something else is also causing the issue/performance regression.
What it might be though, I don’t know now I’m sorry.
If I was a maintainer of VyOS, I would be in part very concerned with such a performance penalty from a simple update, but it seems that it’s not important.
1.2 is using IGB driver version 5.4.0-k
1.3 is using IGB driver version 5.6.0-k
I’ve never installed or messed around with drivers, is there a easy easy way for me to switch the driver back to 5.4.0-k in Vyos 1.3 to validate a possible driver issue?
We have tried all the options suggested here, But none of them seems to be working for us. Can anyone from here confirm the issue? Is there a plan to resolve this issue? We are seeing following performance degradation in 1.3 rc release with compare to 1.2.5 LTS release:
Throghput between two interfaces is reduced to 2.5 Gbps from 10 Gbps
IPSec throughput is reduced to 500 Mbps from 950 Mbps
VXLAN throughput is reduced to 1 Gbps from 3.5 Gbps
Macsec with vxlan throughput is reduced to 370 Mbps from 1.3 Gbps
Hello @hiteshhapani, yes, I can confirm some issues with high IRQs in a virtual environment. Next week we plan to deploy 1.3RC2 on bare metal and start research deeper. Also, I can confirm this degradation in Debian bullseye (kernel 5.10.x) So, I guess this issue related to kernel
I don’t know why I can’t edit the subject of this thread, but want to add the update that Vyos 1.3.0-rc3, built on Thr 25 Mar 2021, has no improvement regarding the performance issues:
This massive performance hit is still there, it’s not only affecting me but other people such as @hiteshhapani and I will be astonished if Vyos 1.3 is released like this.
It might be worth logging a Phabricator ticket with regards to this, as while these forums are very active, the list of issues in Phabriactor is the definitive source of Bugs.
I’ve never submitted a Phabricator ticket, I’m willing to do it since clearly the maintainers are not looking at the forums and acting as everything is fine on every RC release.
Could you please provide me some lights on how to do it?