Embed Size (px)
Citation preview
DNS Dynamic Update Performance Study
2014.10.10
The Purpose
• Dynamic update and XFR is key approach to perform zone data replication and synchronization, to study its performance limitation is meaningful to estimate the efficiency of the whole DNS system
• Provide operational practice to DNS operators.
• Provide improvements to DNS standard and software implementation
• Data flow: Primary master -> master -> slave• Generate root zone file, and record the initialized SOA
serial number s0.• Record current time t0 and start to keep sending n
numbers of update requests to primary master without waiting for the ACK from server. Each request is to adding one new TLD which include one NS and one related glue.
• At the same time, without waiting for the sending finish, keep querying all three servers, record the time when the SOA serial of respective server reaches to s0 + n, record the final time t1.
• For each server the UPS(update per second) is (t1 – t0)/n
Test Method
Factors may affect the performance
• Zone size• Query pressure of slave node• DNSSEC (not only affect the zone size, but also
complicate the update process)• Hard driver write performance
Test Environment
• Network topology• Hardware configuration• OS/DNS software
Network Topology
Hardware Configuration
Controller:OS: Centos 6.4 x86_64CPU : Intel(R) Xeon(R) CPU E5-2403 v2 1.80GHzMemory : DDR3 1333 2GHard driver: ST500DM002-1BD142 7200 16M
Primary Master/master/slave:OS : Centos 6.4 x86_64/Freebsd 10.0 x86_64CPU : Intel Xeon E3-1220v2 3.1GHZ 4 cores 4 ThreadsMemory : DDR3 1333 ECC 32GHard driver: ST500DM002-1BD142 7200 16M
Dns Software
• Primary master – BIND(9.9.5)
• Master– BIND(9.9.5)
• Slave– BIND(9.9.5)– NSD(3.2.18)– KNOT(1.5.1)
UPS VS TLD Count(without DNSSEC)
UPS VS TLD Count(with DNSSEC)
UPS vs QPS on Slave Node
Performance Analysis
• For primary master, the update procedure is:– Generate the difference (update validation)– Apply the diff to memory DB– Write to journal file– Mark zone to dirty and later synchronize memory
data with zone file– Notify other name servers
• The bottleneck is hard driver write– To make all the modification persistent, BIND will
make sure the journal file is written into disk, which using fsync
Whether is better with SSD?
Hardware Configuration
Primary Master (mac pro):OS: OS X 10.9.5CPU : 2.4 GHz Intel Core i5Memory : 8 GB 1600 MHz DDR3Hard driver : APPLE SSD SD0256F Media
Slave (mac air):OS : OS X 10.9.5CPU : 2.7 GHz Intel Core i5Memory : 4 GB 1600 MHz DDR3Hard driver : APPLE SSD SD0256F Media
UPS VS TLD Count(without DNSSEC)
UPS VS TLD Count(with DNSSEC)
UPS VS QPS (UDP/DO)
Persistent DB vs Memory DB
• Like root server system, most distributed DNS system stores RRs into rational DB, using DNS server to provide query and zone synchronization service.
• Modify BIND without generating journal file and synchronizing zone file with memory DB to promote the performance.
• The following test result is based on the first test environment with modification BIND running on primary master.
UPS vs TLD Count(without DNSSEC)
UPS vs TLD Count(with DNSSEC)
UPS vs QPS (UDP/DO)
Conclusion
• The updating for one zone is sequential, therefore multi-core won’t help.
• Without persistent guarantee, dynamic update itself is quite efficient
• DNSSEC affect the performance by 50% decrease
• For each hierarchy level, the performance is dropped by 20~30%
• If memory is sufficient, zone size has little impact on update performance.
• UDP query pressure also has little impact. Mainly because computation resource and file descriptor resource are sufficient.
• For slave node, under update pressure, if KNOT receive IXFR exceeding 1024 serial number change, it will fall back to AXFR which will cause more transfer time and zone file synchronization time. It is the reason why it slower than NSD at some point, and more bigger the zone size, more slower the transfer.
What’s next
• The affection of hierarchy depth is tested, the width of it is another important factor of the performance, with more resources, the test will be performed in the near future.
• The testing is under LAN, when transfer across WAN, the behavior should be different.
Q & A
![fVIif.k;k¡ ljy jSf[kd xfr - National Institute of Open Schooling · HkkSfrdh 37 ljy jSf[kd xfr ekWM~;wy - 1 xfr] cy ,oa ÅtkZ fVIif.k;k¡ gy: fn;k gS x = 20t2 è;ku nsa x dk ek=kd](https://img.dokumen.tips/doc/110x75/604962ecde26c0121653f8b3/fviifkk-ljy-jsfkd-xfr-national-institute-of-open-schooling-hkksfrdh-37-ljy.jpg)
![ek=kd] foek,a ,oa lfn'k ekWM~;wy xfr] cy ,oa ÅtkZ fVIif.k;k ...HkkSfrdh 5 ek=kd] foek,a ,oa lfn'k ekWM~;wy - 1 xfr] cy ,oa ÅtkZ fVIif.k;k¡ Hkkjrh; ijaijkvksa esa ekiu Hkkjr esa](https://img.dokumen.tips/doc/110x75/611de8ca39468f69232525ba/ekkd-foeka-oa-lfnk-ekwmwy-xfr-cy-oa-tkz-fviifkk-hkksfrdh-5-ekkd.jpg)
![iPphl cksy dk FkksdM+k - sadhumargi.com · 4: Pachchees bol Pachchees bol : 5 igys cksys xfr 444 P AHALE BOLE GA TI 4 ujd xfr] fr;Zap xfr] euq"; xfr vkSj nso xfrA Narak gati, Tiryanch](https://img.dokumen.tips/doc/110x75/5b885b077f8b9a3d028d0f8c/ipphl-cksy-dk-fkksdmk-4-pachchees-bol-pachchees-bol-5-igys-cksys-xfr-444.jpg)
![z]kI/€¦ · {VG: bT64YOuqcn6/Q |aQE?|zH9L11=i^G j8:,xFR/H_9ZEP-3 \otP]?_{/;](https://img.dokumen.tips/doc/110x75/5f3cd3f1006acd44114a791d/zki-vg-bt64youqcn6q-aqezh9l11ig-j8xfrh9zep-3-otp.jpg)
