go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

blog: adjust blog content 

Resize image 2021-12-02-flamegraph-figure2.png. Adjust
some paragraph and getpid performance tables.

Signed-off-by: Yong He <chenglang.hy@antgroup.com>
Signed-off-by: Jianfeng Tan <henry.tjf@antgroup.com>
This commit is contained in:
Yong He 2021-12-03 14:42:02 +08:00
parent d62190f8b5
commit b993286092
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
website/assets/images/2021-12-02-flamegraph-figure2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 748 KiB

After

Width:  |  Height:  |  Size: 377 KiB

16
website/blog/2021-12-02-running-gvisor-in-production-at-scale-in-ant.md
View File

@ -25,11 +25,13 @@ overhead; another 25% have <3% overhead. Some of our most valued application are
the focus of our optimization, and get even better performance compared with
runc.
The rest of this blog is organized as follows: - First, we analyze the cost of
different syscall paths in gVisor. - Then, a way to profile a whole picture of a
instance is proposed to find out if some slow syscall paths are encountered. -
Some invisible overhead in Go runtime is discussed. - At last, a short summary
on performance optimization with some other factors on production adoption.
The rest of this blog is organized as follows:
* First, we analyze the cost of different syscall paths in gVisor.
* Then, a way to profile a whole picture of a instance is proposed to find out
if some slow syscall paths are encountered. Some invisible overhead in Go
runtime is discussed.
* At last, a short summary on performance optimization with some other factors
on production adoption.
For convenience of discussion, we are targeting KVM-based, or hypervisor-based
platforms, unless explicitly stated.
@ -114,14 +116,14 @@ on a Intel(R) Xeon(R) CPU E5-2650 v2 platform, using
As we can see, for KVM platform, the syscall interception costs more than 10x
than a native Linux syscall.
| getpid benchmark (ns)
getpid | benchmark (ns)
------------ | ---------------------
Native | 62
Native-KPTI | 236
runsc-KVM | 830
runsc-ptrace | 6249
* "Native" stands for using vanilla linux kernel.
\* "Native" stands for using vanilla linux kernel.
To understand the structural cost of syscall interception, we did a
[quantitative analysis](https://github.com/google/gvisor/issues/2354) on kvm