Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker Performance on Web Application

Avatar for Yuuki Tsubouchi (yuuk1) Yuuki Tsubouchi (yuuk1)
January 17, 2015
Technology
7
130k

Docker Performance on Web Application

Docker Meetup Tokyo #4

Avatar for Yuuki Tsubouchi (yuuk1)

Yuuki Tsubouchi (yuuk1)

January 17, 2015
Tweet

More Decks by Yuuki Tsubouchi (yuuk1)

See All by Yuuki Tsubouchi (yuuk1)
とあるSREの博士「過程」 / A Certain SRE’s Ph.D. Journey
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
8
3.8k
eBPFを用いたAIネットワーク監視システム論文の実装 / eBPF Japan Meetup #4
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
950
クラウドのテレメトリーシステム研究動向2025年
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
1k
博士論文公聴会: Scaling Telemetry Workloads in Cloud Applications: Techniques for Instrumentation, Storage, and Mining / PhD Defence
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
1
210
博士学位論文予備審査 / Scaling Telemetry Workloads in Cloud Applications: Techniques for Instrumentation, Storage, and Mining
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
1
2k
MetricSifter:クラウドアプリケーションにおける故障箇所特定の効率化のための多変量時系列データの特徴量削減 / FIT 2024
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
280
工学としてのSRE再訪 / Revisiting SRE as Engineering
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
19
14k
Cloudless Computingの論文紹介
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
570
#SRE論文紹介 Detection is Better Than Cure: A Cloud Incidents Perspective
V. Ganatra et. al., ESEC/FSE’23
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
2.1k

Other Decks in Technology

See All in Technology
SRE新規立ち上げ! Hubbleインフラのこれまでと展望
Avatar for Katsuya Fujii katsuya0515
0
150
AI コードレビューが面倒すぎるのでテスト駆動開発で解決しようとして読んだら、根本的に俺の勘違いだった
Avatar for Mutz mutsumix
0
160
「育てる」サーバーレス 〜チーム開発研修で学んだ、小さく始めて大きく拡張するAWS設計〜
Avatar for yut yu_kod
1
250
家族の思い出を形にする 〜 1秒動画の生成を支えるインフラアーキテクチャ
Avatar for Ojima Hikaru ojima_h
1
190
✨敗北解法コレクション✨〜Expertだった頃に足りなかった知識と技術〜
Avatar for nanachi nanachi
1
340
Oracle Cloud Infrastructure:2025年7月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
1
110
興味の胞子を育て 業務と技術に広がる”きのこ力”
Avatar for Fumiya Sakai fumiyasac0921
0
570
隙間時間で爆速開発! Claude Code × Vibe Coding で作るマニュアル自動生成サービス
Avatar for Akitomo Sato akitomonam
3
250
Segment Anything Modelの最新動向:SAM2とその発展系
Avatar for TakatoYoshikawa tenten0727
0
220
恐怖!テストコードなき夜
Avatar for つくぼし tsukuboshi
2
110
Google Cloud で学ぶデータエンジニアリング入門 2025年版 #GoogleCloudNext / 20250805
Avatar for 風音屋 (Kazaneya) kazaneya
PRO
11
2.6k
Perlアプリケーションで トレースを実装するまでの 工夫と苦労話
Avatar for masayoshi masayoshi
1
400

Featured

See All Featured
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Building an army of robots
Avatar for Kyle Neath kneath
306
45k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
134
9.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.8k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
58
9.5k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
179
9.9k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k

Transcript

  1. Docker Performance on Web Application JEZ@VVLJ %PDLFS.FFUVQ5PLZP

  2. id:y_uuki ӡ༻ @y_uuk1

  3. Docker Engine্Ͱɹ ΞϓϦέʔγϣϯΛɹ ಈ͔ͯ͠ੑೳྼԽ ͠ͳ͍ͷʁ

  4. None

  5. 1 DockerͷύϑΥʔϚϯεʹ ͓͍ͯॏཁͳ͜ͱ͸ͳʹ͔

  6. Linux Containers

  7. /FUXPSL /BNFTQBDF *1$ /BNFTQBDF 654 /BNFTQBDF .PVOU /BNFTQBDF 6TFS /BNFTQBDF

    1*% /BNFTQBDF

  8. /FUXPSL /BNFTQBDF *1$ /BNFTQBDF 654 /BNFTQBDF .PVOU /BNFTQBDF 6TFS /BNFTQBDF

    1*% /BNFTQBDF -JOVYΧʔωϧͷ໊લۭؒػೳͷ ू·Γ

  9. Linux Containers Χʔωϧͷ֤ϦιʔεΛ໊લۭؒͰִ཭͠ ۭͨؒͰϓϩηεΛ࣮ߦ͢Δͱ͍͏Ϟσϧ ϑΝΠϧγεςϜɼϢʔβɼϓϩηεςʔ ϒϧɼωοτϫʔΫ… etc LXC ͸ Linux

    Containers ͷϑϩϯτΤϯυ

  10. Linux Containers Overhead ୯ମͷLinux ΧʔωϧͰ׬݁͢ΔͷͰ ΦϒδΣΫτͷڞ༗ޮ཰͕Α͍ Hypervisor ͷΑ͏ʹ֤ϦιʔεΛɹɹ ೋॏॲཧ͠ͳͯ͘Α͍

  11. example/packet receive /*$ ,FSOFM 6TFSMBOE $PQZ $PQZ 4JOHMF ,FSOFM

  12. example/packet receive /*$ ,FSOFM 6TFSMBOE $PQZ $PQZ /*$ ,FSOFM ,FSOFM

    $PQZ $PQZ 4JOHMF ,FSOFM )ZQFSWJTPS 9FO ,7. 6TFSMBOE $PQZ ˞ 43*07ͳͲ)ZQFSWJTPSͰ΋ύέοτίϐʔΦʔόϔουΛগͳ͘ ͢Δ࣮૷͸͋Δ

  13. Linux Containers ͩͱ Single Kernel Ͱ଎͍

  14. Docker Filesystem -JOVY$POUBJOFST

  15. UNION Filesystem -JOVY$POUBJOFST %PDLFS'JMFTZTUFN

  16. IUUQTEPDTEPDLFSDPNUFSNTJNBHFTEPDLFSpMFTZTUFNTNVMUJMBZFSQOH UNION Filesystem Image

  17. 8SJUF*0 3FBE*0 ADBUFUDEFCJBO@WFSTJPOA

  18. 8SJUF*0 3FBE*0 8SJUF*0͸࠷্૚΁ॻ͖ࠐΈ 3FBE*0͸֘౰ϑΝΠϧΛ ֨ೲ͢Δ૚Λ୳ࡧ

  19. UNION Filesystem • AUFS, Btrfs, OverlayFS … ͳͲΛ࢖࣮ͬͯݱ • Copy

    On Write: ݪຊΛෳ੡ͨ͠;ΓΛͯ͠ ͓͍ͯ৽نॻ͖ࠐΈ͕͋ͬͨΒෳ੡Λ࡞Δ • LinuxΧʔωϧඪ४ͷ Device MapperΛ࢖ͬ ͯ΋࣮ݱͰ͖Δ

  20. Storage drivers -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN

  21. EFWJDFNBQQFS BVGT CUSGT PWFSMBZGT

  22. EFWJDFNBQQFS BVGT CUSGT PWFSMBZGT 6OJPO'4ͷ࣮૷Λબ୒Ͱ͖Δ

  23. Storage drivers devicemapper, aufs, btrfs, overrayfs (vfs) Χʔωϧඪ४ͳͨΊRHELܥͰͷɹɹ σϑΥϧτ͸ devicemapper

  24. Device Mapper ϒϩοΫσόΠε΁ͷI/Oʹ༷ʑͳม׵ΛՃ͑Δ͜ͱ͕ Ͱ͖Δ (҉߸ԽɺετϥΠϓɺϛϥʔ ͳͲ) ϒϩοΫσόΠευϥΠόϨϕϧͷ࣮૷ͳͷͰɹɹɹɹ ಛఆͷϑΝΠϧγεςϜʹґଘ͠ͳ͍ LVMͳͲͰ࢖ΘΕ͍ͯΔ docker

    commit ͕૸ΔͱsnapshotσόΠεΛ࡞੒ͯ͠Π ϝʔδ૚ͱ͢Δ

  25. Volume -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST

  26. Volume ίϯςφؒͰσΟϨΫτϦΛڞ༗͢ΔͨΊͷ΋ͷ ίϯςφ͝ͱͰ͸ͳ͘DockerάϩʔόϧͳྖҬʹ֨ ೲ͞ΕΔ ࢦఆͨ͠σΟϨΫτϦҎԼͷΠϝʔδ૚ΛόΠύε͠ ͯΞΫηε I/Oཁٻ͕Union FS෦෼Λ௨Βͳ͍ͷͰΦʔόϔου ͕গͳ͍

  27. howto/Volume EPDLFSSVOWWBSMJCNZTRMNZTRM 70-6.&WBSMJCNZTRM EPDLFSSVONZTRM %PDLFSpMF 4IFMM 4IFMM PS

  28. Docker Network -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF

  29. Portmapper -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL

  30. Portmapper ίϯςφؒ௨৴΍ίϯςφɾϗετؒ௨৴͸ϗετଆ ͷ iptables ͰNAT ! iptables͕ͳ͍؀ڥͩͱಠࣗͷϢʔβϥϯυͷϓϩη ε(docker-proxy)Ͱίϯςφؒ௨৴ "%0$,&3JEPDLFSQUDQNUDQŠEQPSUK%/"5 ŠUPEFTUJOBUJPO

    EPDLFSQSPYZQSPUPUDQIPTUJQIPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSU

  31. Host Networking -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL 1PSUNBQQFS

  32. Host Networking ίϯςφ༻ͷNetwork NamespaceΛ࡞Β ͣʹϗετͷωοτϫʔΫΛͦͷ··࢖͏ ίϯςφ͸ϗετଆͷportΛlisten͢Δ iptables΍docker-proxyΛܦ༝͠ͳͯ͘Α ͘ͳΓɺΦʔόϔου͕খ͘͞ͳΔ

  33. howto/Host Networking ! ŠFYFDESJWFSOBUJWF PS -9$Ҏ্ͰŠFYFDESJWFSMYD ͕ඞཁ EPDLFSSVOŠOFUIPTUNZTRM

  34. -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL 1PSUNBQQFS )PTU/FUXPSLJOH DockerͷύϑΥʔϚϯεʹ ͓͍ͯॏཁͳ͜ͱ͸ͳʹ͔

  35. 2 DockerԽͨ͠ ISUCONΞϓϦέʔγϣϯ ͷϕϯνϚʔΫ

  36. ISUCON *JLBOKJOJ4QFFE6Q$0/UFTU

  37. /HJOY CFODI NBSLFS .Z42- "QQ .FNDBDIFE ISUCON4 ༧બ

  38. Machine & Software Spec instance type: m3.xlarge CPU: Xeon E5-2670

    v2 @ 2.50GHz 4 vCPU Memory: 16GB RAM Storage: Magnetic volume OS: Ubuntu 14.04 LTS Kernel 3.18.0 Docker: 1.4.1 (latest) MySQL: 5.5.40, memcached: 1.4.14, Nginx:1.4.6

  39. νϡʔχϯά಺༰ • είΞ 38446 (໿ 3000 req/s) • ࢼߦ͝ͱʹ +-1000

    είΞఔ౓ͷޡࠩ • ༧બಥഁϨϕϧ • σʔλ͸શ෦ϝϞϦʹ৐Δ • ηογϣϯ৘ใͳͲ͸ memcached • Nginx Ͱ੩తϑΝΠϧΛฦ͢ • ωοτϫʔΫελοΫɺNginx, MySQL ͸ී௨ͷ νϡʔχϯά

  40. Evaluation

  41. • Nginx ͱ MySQL ΛͦΕͧΕDockerԽ • ҎԼͷ֤ํࣜΛnative(default)ͱൺֱ • Nginx͚ͩDockerԽ •

    —net=host ͱ —net=bridge • MySQL͚ͩDockerԽ • storage-driver=devicemapper ͱ storage-driver=overlayfs • Volume ͷ ON/OFF

  42. Result

  43. EFGBVMU /HJOY OFUCSJEHF /HJOY OFUIPTU   

  44. /HJOYʹύέοτ͕ू໿͢Δ /"15͢ΔΦʔόϔου͕ߴ͍

  45. EFGBVMU .Z42- EFWJDFNBQQFS WPMVNFP⒎ .Z42- EFWJDFNBQQFS WPMVNFPO .Z42- PWFSMBZGT WPMVNFP⒎

    .Z42- PWFSMBZGT WPMVNFPO     

  46. 7PMVNFͷ0/0''ͱ TUPSBHFESJWFSʹΑΔ ੑೳྼԽͳ͠

  47. 7PMVNF0''ͰมΘΒͳ͍ 3FBE*0͸ϝϞϦʹશ෦ͷΔ 8SJUF*0͸࠷্૚͚ͩ

  48. NAPTͷߴ଎Խ

  49. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j

    DOCKER

  50. -A OUTPUT E -m addrtype --dst-type LOCAL -j DOCKER

  51. 127.0.0.1Ѽͩͱiptablesͷ DockerνΣʔϯʹೖΒͳ͍

  52. docker-proxy EPDLFSQSPYZQSPUPUDQIPTUJQ IPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSUA

  53. docker-proxy EPDLFSQSPYZQSPUPUDQIPTUJQ IPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSUA CPU 50%

  54. benchmarker bench --host 172.31.8.235 --init ~/init.sh --workload 8

  55. 32172 37931

  56. ͳͥ userland ͷ proxy ͕͍Δͷ͔

  57. IUUQTHJUIVCDPNEPDLFSEPDLFSQVMM

  58. Hairpin NAT

  59. )PTU $POUBJOFS EPDLFS  -*45&/ FUI FUI MP FUI FUI

  60. ETU MP FUI FUI )PTU $POUBJOFS EPDLFS  -*45&/ FUI

    FUI

  61. ETU "%0$,&3JEPDLFSQUDQNUDQEQPSU K%/"5UPEFTUJOBUJPO )PTU $POUBJOFS MP FUI FUI EPDLFS 

    -*45&/ FUI FUI

  62. ETU "%0$,&3JEPDLFSQUDQNUDQEQPSU K%/"5UPEFTUJOBUJPO )PTU $POUBJOFS MP FUI FUI EPDLFS 

    -*45&/ -*45&/ Ծ૝bridge(docker0)Λ Hairpin NAT modeʹ͠ͳ͍ͱ NAT͞Εͳ͍

  63. FDIPTZTDMBTTOFUCSCSJGFUIIBJSQJO@NPEF

  64. IUUQTHJUIVCDPNEPDLFSEPDLFSQVMM

  65. None

  66. 3)&-BOE$FOU04 SFBEPOMZTZT

  67. 1. DockerͷύϑΥʔϚϯεʹ͍ͭͯ ॏཁͳࣄ͸ͳʹ͔ 2. DockerԽͨ͠ISUCONΞϓϦέʔ γϣϯͷϕϯνϚʔΫ

  68. Linux Containers Docker Filesystem UNION Filesystem Storage drivers Volume Docker

    Network Portmapper Host Networking

  69. Linux Containers Docker Filesystem UNION Filesystem Storage drivers Volume Docker

    Network Portmapper (Performance issue) Host Networking
  70. None

  71. IUUQIBUFOBDPSQKQSFDSVJUDBSFFSTBMFTFOHJOFFS ηʔϧεΤϯδχΞ৬

  72. ! 8FCΦϖϨʔγϣϯΤϯδχΞ Λืू͓ͯ͠Γ·͢