go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

blog: adjust blog content 

Resize image 2021-12-02-flamegraph-figure2.png. Adjust
some paragraph and getpid performance tables.

Signed-off-by: Yong He <chenglang.hy@antgroup.com>
Signed-off-by: Jianfeng Tan <henry.tjf@antgroup.com>
This commit is contained in:
Yong He 2021-12-03 14:42:02 +08:00
parent d62190f8b5
commit b993286092
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
website/assets/images/2021-12-02-flamegraph-figure2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 748 KiB

After

Width:  |  Height:  |  Size: 377 KiB

16
website/blog/2021-12-02-running-gvisor-in-production-at-scale-in-ant.md
View File

@ -25,11 +25,13 @@ overhead; another 25% have <3% overhead. Some of our most valued application are
the focus of our optimization, and get even better performance compared with the focus of our optimization, and get even better performance compared with
runc. runc.
The rest of this blog is organized as follows: - First, we analyze the cost of The rest of this blog is organized as follows:
different syscall paths in gVisor. - Then, a way to profile a whole picture of a * First, we analyze the cost of different syscall paths in gVisor.
instance is proposed to find out if some slow syscall paths are encountered. - * Then, a way to profile a whole picture of a instance is proposed to find out
Some invisible overhead in Go runtime is discussed. - At last, a short summary if some slow syscall paths are encountered. Some invisible overhead in Go
on performance optimization with some other factors on production adoption. runtime is discussed.
* At last, a short summary on performance optimization with some other factors
on production adoption.
For convenience of discussion, we are targeting KVM-based, or hypervisor-based For convenience of discussion, we are targeting KVM-based, or hypervisor-based
platforms, unless explicitly stated. platforms, unless explicitly stated.
@ -114,14 +116,14 @@ on a Intel(R) Xeon(R) CPU E5-2650 v2 platform, using
As we can see, for KVM platform, the syscall interception costs more than 10x As we can see, for KVM platform, the syscall interception costs more than 10x
than a native Linux syscall. than a native Linux syscall.
| getpid benchmark (ns) getpid | benchmark (ns)
------------ | --------------------- ------------ | ---------------------
Native | 62 Native | 62
Native-KPTI | 236 Native-KPTI | 236
runsc-KVM | 830 runsc-KVM | 830
runsc-ptrace | 6249 runsc-ptrace | 6249
* "Native" stands for using vanilla linux kernel. \* "Native" stands for using vanilla linux kernel.
To understand the structural cost of syscall interception, we did a To understand the structural cost of syscall interception, we did a
[quantitative analysis](https://github.com/google/gvisor/issues/2354) on kvm [quantitative analysis](https://github.com/google/gvisor/issues/2354) on kvm