10G and Direct Cache Access

December 18, 2008 Daniel Stenberg 6 Comments

As some of you might know, I currently work with a client doing 10G network stuff. 10G as in 10 gigabit/second Ethernet. That’s a lot of data. It’s actually so much data it’s hard to even generate network loads of this magnitude to be able to do good tests, as a typical server using SATA harddrives hardly fills a one gigabit pipe due to “slow” I/O: ordinary SATA drives don’t even reach 100MB/sec. You need RAID solutions or putting the entire thing in RAM first. So generating 10 gigabit network loads thus requires some extraordinary solutions.

Having a server that tries to “eat” a line speed 10G is a big challenge, and in fact we can’t do it as 1.25 GB/sec is just too much and yet we run a quad-core 3.00GHz Xeon thing here which is at least near the best “off-the-shelf” CPU/server you can get at the moment. Of course our software does a little bit more with the data than just receiving it as well.

Anyway, recently I’ve been experimenting with 10G cards from Myricom and when trying to maximize our performance with these beauties, I fell over the three-letter acronym DCA. Direct Cache Access. A terribly overused acronym consisting of often-used words make it hard to research and learn about! But here’s a great document describing some of the gory details:

Direct Cache Access for High Bandwidth Network I/O

Summary: it is an Intel technology for delivering data directly into the CPU’s cache, to reduce the bandwidth requirement to memory (note: it only decreases theÂ bandwidthÂ requirement at that moment, not the total requirement as it still needs to be read from memory into the cache, as noted in a comment below). Using this technique it should be possible to drastically reduce the time for getting the traffic. Support for this tech has been added to the Linux kernel as well since a while back.

It seems DCA is (only?) implemented in Intel’s 7300 chipset family which seems to only exist for Xeon 7300 and 7400. Too bad we don’t have one of these monsters so I haven’t been able to try this out for real yet…

Currently we can generate 10G network loads using two different approaches: one is uploading a specially crafted binary blob embedded with the FPGA image to a Xilinx-equipped board with a 10G MAC that then can do some fiddling with the packages (like increasing a counter) so that they aren’t all 100% identical. It makes a pretty good load test, even if the traffic isn’t at all shaped like the “real” traffic our product will receive. Our other approach has been even less good: upload a custom firmware to the network card and have that send the same Ethernet frame… This latter approach didn’t get better because it was a bit too complicated and badly documented on how to make a really good generator out of it. Even if I liked being able to upload custom code to my network card! 😉

Allow me to also mention that the problems with generating 10G is with small packet sizes, like 100 bytes or so as the main problem in the hardwares seem to the number of packets, not the payload part. Thus it is easier to do full line speed with 9000 bytes packets (jumbo frames) than the tiny ones we are likely to get when this product is in use by customers in the wild.

Update: this article was written in 2008. Please note that many things may have changed since then.

Rockbox

Rockbox release pending

December 18, 2008 Daniel Stenberg

With the newly established three-month release cycle in the Rockbox project it means we’re about to soon do a version 3.1 release. Planned to happen in a week or so.

In preparation for that, we just now branched trunk to a 3.1 branch. Help us polish it up, update translations and correct the release notes!

Blogging, Web

Avatars by gravatar

December 15, 2008 Daniel Stenberg

I’m using one of those fancy WordPress plugins on this blog that makes use of gravatar for the avatar images that appear next to your name when you post a comment. So if you comment here on daniel.haxx.se and want to see a fancy personal image next to your wise words, skip over to gravatar.com and put up a picture of you that then will be associated with your email address.

This system does not reveal your email address to any outsider, as the avatar is received from their service simply by sending a oneway hash of your address.

This isn’t really anything new here, it’s been like this for a while but I figured I should explain it better to the few who might not have realized this yet…

Open Source

One less podcast to listen to

December 15, 2008 Daniel Stenberg

As I’ve mentioned in the past I do enjoy listening to podcasts while doing the dishes or shopping, and now I have one less show to monitor as Linux Action Show is giving up their “long” format and is going video and only doing short audio ones.

For me who likes listening while doing other things, video podcasts are totally wrong. And then doing audio streams based on a video podcast sounds like the wrong way forward, at least if you want to provide good a audio podcast. I think this is the end of my interest of their show.

Thankfully Randal and Leo have kept up the speed of FLOSS Weekly lately!

cURL and libcurl

More libcurl adoption

December 10, 2008 Daniel Stenberg

Some recent news showing libcurl possibly widening its user-base:

Eugene V. Lyubimkin posted a suggestion that libcurl should be used by the upcoming APT release for all ftp and http accesses!

Mr Johansen at Sun told us libcurl is being considered (via the pycurl binding) for the new OpenSolaris package manager.

perl’s widely used module for HTTP/FTP etc, called LWP, has gotten a libcurl-powered sibling called LPW-curl, which if I understand things correctly makes transfers using the traditional LWP-style and API but is powered by libcurl underneath.

Someone (not being me) registered libcurl.org. The site actually contains rather accurate info but if I disable adblock it shows lots of ads on the page though so I guess that’s why the page exists… (googling for “libcurl” now shows this site among the 5-6 first hits, which surprises me…)

More?

c-ares

c-ares 1.6.0

December 9, 2008 Daniel Stenberg

With a few bug fixes and general improvements, c-ares 1.6.0 was released just now with these new additions:

support for the glibc “rotate” resolv.conf option (or ARES_OPT_ROTATE)
ares_gethostbyname_file()
ares_dup()
ares_set_socket_callback()

(the man pages for the new functions are not yet available on the web site but I’m meaning to get to that soonish)

cURL and libcurl

SCP and SFTP with libcurl on Windows

December 8, 2008 Daniel Stenberg

We’ve gotten a fair amount of questions on the libcurl mailing list about how to do the SSH-based protocols SCP and SFTP with libcurl on Windows, and here comes Andrei Jakab bursting in and provides us with this fancy PDF:

Using libcurl with SSH support in Visual Studio 2008

I’m convinced a user or two will find this a fine resource! Thanks Andrei!

Network, Web

Filling our pipes

December 7, 2008 Daniel Stenberg 1 Comment

At around 13:43 GMT Friday the 5th of December 2008, the network that hosts a lot of services like this site, the curl site, the rockbox site, the c-ares site, CVS repositories, mailing lists, my own email and a set of other open source related stuff, become target of a vicious and intense DDoS attack. The attack was in progress until about 17:00 GMT on Sunday the 7th. The target network is owned and ran by CAG Contactor.

Tens of thousands of machines on the internet suddenly started trying to access a single host within the network. The IP they targeted has in fact never been publicly used as long as we’ve owned it (which is just a bit under two years) and it has never had any public services.

We have no clue whatsoever why someone would do this against us. We don’t have any particular services that anyone would gain anything by killing. We’re just very puzzled.

Our “ISP”, the guys we buy bandwidth and related services from, said they used up about 1 gigabit/sec worth of bandwidth and with our “mere” 10 megabit/sec connection it was of course impossible to offer any services while this was going on.

It turns out our ISP did the biggest blunder and is the main cause for the length of this outage: we could immediately spot that the target was a single IP in our class C network. We asked them to block all traffic to this IP as far out as possible to stop such packets from entering their network. And they did. For a short while there was silence and sense again.

For some reason that block “fell off” and our network got swamped again and it then remained unusable for another 48 hours or so. We know this, since our sysadmin guy investigated our firewall logs on midday Sunday and they all revealed that same target IP as destination. Since we only have a during-office-hours support deal with our network guys (as we’re just a consultant company with no services that really need 24 hour support) they simply didn’t care much about our problem but said they would deal with it Monday morning. So our sysadmin shutdown our firewall to save our own network from logging overload and what not.

Given the explanations I’ve got over phone (I have yet to see and analyze logs from this), it does sound like some sort of SYN flood and they attempted to connect to many different TCP ports.

4-5 hours after the firewall was shutdown, the machines outside of our firewall (but still on our network) suddenly became accessible again. The attack had stopped. We have not seen any traces of it since then. The firewall is still shutdown though, as the first guy coming to the office Monday morning will switch it on again and then – hopefully – all services should be back to normal.

Development, Open Source

Open source in my day job

December 3, 2008 Daniel Stenberg

From people in the open source community and then especially friends and fellow hackers in projects I am involved in, I sometimes get questions on how my open source participations affect my “real job”.

I work as a consultant during the days and I do contract development for hire. I’ve been a consultant since 1996 and during this time I’ve participated in more than 25 “full-time” projects for almost as many customers.

I contribute to numerous open source projects and I’ve done it for many years. I lead and maintain several open source projects. I’ve committed many thousands of times to public source code repositories.

Does the contributions make me more attractive to potential customers? Not particularly is my rather sad experience. While some of my customers notice my track record (my CV does of course mention my most notable contributions) most of my day-job clients focus solely on other paid projects I’ve done and that exact technologies and products I worked with and created in the past. It may of course not be too strange as things I do and get paid for is then potentially “good enough for someone to pay me for” while the stuff I do for free in open source projects are… well, not paid for and thus it can’t be qualified by that ruler.

Do I get new assigments thanks to my open source projects? Yes, I do, but usually they tend to be on the smallish side and not of the bigger kinds my regular assignments at work are.

And the reality is of course also that the vast vast vaaast majority of all software consultants that people hire to do development have no public record of open source involvement so it could just be a result of that this is so rare the customers never had a reason to learn or adapt to using open source contributions as a “factor”.

Or maybe I’m just ignorant and haven’t figured out how my customers truly work.

Do I work with open source in my day job? Yes almost exclusively. I’ve been working with Linux in various embedded systems basically the last 8 years and working with Linux systems pretty much implies a wide range of open source development tools as well.

Linux

Even more Linux sound

December 3, 2008 Daniel Stenberg

Using the same “apt-get remove esound” trick I mentioned before, I tricked my Debian Testing based laptop to produce sound without manual fiddling as well!

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

tech, open source and networking