CentOS 7 Overview. Part 5: Network Performance Optimization

    Previous CentOS 7 articles have covered:
    Part 1: Linux containers
    Part 2: identity management
    Part 3: NFS, FedFS, pNFS
    Part 4: mitigating TCP SYN flood DDoS attacks

    In this article we will talk about network improvements in CentOS 7:
    • network performance optimization;
    • low latency socket support;
    • high precision time synchronization;
    • security improvements.



    At the end of the article there are links for trying CentOS 7 for free in the InfoboxCloud cloud and on Infobox VPS.

    Network bandwidth usage continues to grow. The network can become a potential application bottleneck. CentOS 7 adds support for 40-gigabit networks, which allows faster data exchange between systems and applications. In CentOS 7, the Team Driver mechanism has been added, which allows you to virtually combine a set of network devices (ports) into a single logical interface. This is useful for maximum throughput and network resiliency.

    To simplify network management, NetworkManager in CentOS 7 received a significant update that fixes a number of shortcomings in configuring network interfaces and services. A new command-line network management utility (nmcli) has been added for easy network configuration and management. System administrators should find it useful for managing servers from the command line, for remote server management and for scripting.

    Network performance optimization


    Introduced about 40 years ago, TCP was designed to provide reliable communications between hosts. Despite large-scale changes in networks during this time, we still use TCP.

    CentOS 7 introduced TCP performance optimizations that reduce latency and application response time:
    • TCP Fast Open is an experimental TCP extension designed to reduce the overhead of establishing a TCP connection. The extension speeds up HTTP connections by saving time on the handshake and can improve page load speed by 4% to 41%.
    • TCP Tail Loss Probe (TLP) is an experimental algorithm that improves network stack performance when packets are lost at the end of a TCP connection. For short transactions, TLP should reduce transmission timeouts by 15%, and for short HTTP responses by 6%.
    • TCP Early Retransmit enables the use of fast retransmit to recover from segment losses. In other words, when packet loss occurs, connections recover faster, which improves overall latency.
    • TCP Proportional Rate Reduction (PRR) is an experimental algorithm designed to adapt the transmission rate to the bandwidth available to the receiver or routers on the network to prevent congestion. The algorithm is designed to return to the maximum transfer speed faster and can reduce HTTP response time by 3-10%.


    Low latency sockets


    Although the Linux network stack is considered one of the fastest and most reliable, some applications require ultra-low latency. For a large brokerage firm, reducing latency by one millisecond can be worth $100 million per year. Many use non-standard approaches that bypass the network stack in user space.

    Low latency sockets are a software implementation in the kernel designed to reduce network latency and jitter. The feature lets an application request polling for new packets directly from the device driver, giving packets a fast path through the network stack. The change calls the driver to check the interface for new packets and passes them on without causing a lock.

    The technology allows applications that are sensitive to unpredictable delays to use the busy-wait polling method instead of using interrupts for incoming packets.
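
    The TCP features and busy polling described above are controlled by sysctl files that can be read directly. The script below is an added example, not part of the original article; the function names net_tuning_report and read_knob are hypothetical, and the value meanings assume the 3.10 kernel series shipped with CentOS 7 (PRR has no switch, so it is not reported).

```shell
#!/bin/sh
# Added example: report the state of the TCP and busy-poll features by reading
# sysctl files. Value meanings assume the 3.10 kernel line used by CentOS 7.

# read_knob ROOT NAME -> prints the value, or "absent" if the file is missing
read_knob() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo absent; fi
}

# net_tuning_report [ROOT] -> one "feature=state" line per feature.
# ROOT defaults to /proc/sys; pass another directory to audit a saved copy.
net_tuning_report() {
    root=${1:-/proc/sys}
    # tcp_fastopen is a bitmask: bit 0 = client side, bit 1 = server side.
    tfo=$(read_knob "$root" net/ipv4/tcp_fastopen)
    if [ "$tfo" = absent ]; then echo "tfo=unsupported"
    else
        c=off; s=off
        if [ $(( $tfo & 1 )) -ne 0 ]; then c=on; fi
        if [ $(( $tfo & 2 )) -ne 0 ]; then s=on; fi
        echo "tfo=client:$c,server:$s"
    fi
    # tcp_early_retrans: 0 off, 1 ER, 2 delayed ER, 3 delayed ER + TLP, 4 TLP only.
    case $(read_knob "$root" net/ipv4/tcp_early_retrans) in
        0)   echo "early_retransmit=off"; echo "tail_loss_probe=off" ;;
        1|2) echo "early_retransmit=on";  echo "tail_loss_probe=off" ;;
        3)   echo "early_retransmit=on";  echo "tail_loss_probe=on" ;;
        4)   echo "early_retransmit=off"; echo "tail_loss_probe=on" ;;
        *)   echo "early_retransmit=unknown"; echo "tail_loss_probe=unknown" ;;
    esac
    # busy_read / busy_poll: microseconds to busy-wait; 0 means interrupt-driven.
    for k in busy_read busy_poll; do
        v=$(read_knob "$root" "net/core/$k")
        case $v in
            absent) echo "$k=unsupported" ;;
            0)      echo "$k=off" ;;
            *)      echo "$k=${v}us" ;;
        esac
    done
}

net_tuning_report "$@"
```

    Run without arguments it reports the live system; given a directory, it reads the same relative paths from a saved copy of /proc/sys.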

    High precision time synchronization


    Time synchronization accurate to microseconds and nanoseconds is very important for critical applications with strict speed and latency requirements, for example exchange trading. CentOS 7 introduced a new implementation of the NTP protocol, chrony, which synchronizes time faster and more accurately than ntpd. chrony also works better in virtual machines and on computers with power-saving technologies, keeping time accurate.

    In addition to the NTP improvements, CentOS 7 introduced support for the IEEE 1588 Standard 2 Precision Time Protocol (PTP). PTP provides accuracy of less than a millisecond.

    Security


    Iptables was developed at a time when networks were simple and bandwidth was measured in megabits. New technologies (distributed NATs, overlay networks and containers) require more functionality and flexibility. CentOS 7 adds a new dynamic firewall service, FirewallD. It is more flexible than iptables; for example, it supports zones with different levels of network trust. With FirewallD, you can apply rules without restarting the service and without dropping current connections.

    Sources used in preparing the article:
    Official Red Hat Blog
    Red Hat Knowledge Base
    Official CentOS Blog

    Try CentOS 7 in the Cloud

    Especially for our readers, we have made it possible to try CentOS 7 in the InfoboxCloud cloud. Register a trial version of the cloud at this link. You can try a classic VPS with CentOS 7 for free using the freevps promo code on the Infobox website. If you need more resources for testing, write to us.

    If you cannot ask questions on Habr, you can ask them in the comments to the article in the InfoboxCloud Community.

    Successful use of CentOS 7!
