Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker Performance on Web Application

Avatar for Yuuki Tsubouchi (yuuk1) Yuuki Tsubouchi (yuuk1)
January 17, 2015
Technology
7
130k

Docker Performance on Web Application

Docker Meetup Tokyo #4
Avatar for Yuuki Tsubouchi (yuuk1)

Yuuki Tsubouchi (yuuk1)

January 17, 2015
Tweet

More Decks by Yuuki Tsubouchi (yuuk1)

See All by Yuuki Tsubouchi (yuuk1)
eBPFを用いたAIネットワーク監視システム論文の実装 / eBPF Japan Meetup #4
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
760
クラウドのテレメトリーシステム研究動向2025年
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
950
博士論文公聴会: Scaling Telemetry Workloads in Cloud Applications: Techniques for Instrumentation, Storage, and Mining / PhD Defence
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
1
160
博士学位論文予備審査 / Scaling Telemetry Workloads in Cloud Applications: Techniques for Instrumentation, Storage, and Mining
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
1
1.9k
MetricSifter:クラウドアプリケーションにおける故障箇所特定の効率化のための多変量時系列データの特徴量削減 / FIT 2024
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
260
工学としてのSRE再訪 / Revisiting SRE as Engineering
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
19
14k
Cloudless Computingの論文紹介
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
550
#SRE論文紹介 Detection is Better Than Cure: A Cloud Incidents Perspective
V. Ganatra et. al., ESEC/FSE’23
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
2.1k
エンジニアのためのSRE論文への招待 / Introduction to SRE Papers for Engineers
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
2
11k

Other Decks in Technology

See All in Technology
本部長の代わりに提案書レビュー! KDDI営業が毎日使うAIエージェント「A-BOSS」開発秘話
Avatar for みのるん minorun365
PRO
14
1.8k
DenoとJSRで実現する最速MCPサーバー開発記 / Building MCP Servers at Lightning Speed with Deno and JSR
Avatar for Okuto Oyama yamanoku
1
100
脅威をモデリングしてMCPのセキュリティ対策を考えよう
Avatar for GMO Flatt Security flatt_security
4
1.7k
Workflows から Agents へ ~ 生成 AI アプリの成長過程とアプローチ~
Avatar for Belong inc. belongadmin
3
160
キャディでのApache Iceberg, Trino採用事例 -Apache Iceberg and Trino Usecase in CADDi--
Avatar for recruiting@caddi.jp caddi_eng
0
150
Create a Rails8 responsive app with Gemini and RubyLLM
Avatar for Riccardo Carlesso palladius
0
120
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
6.4k
Grafana MCP serverでなんかし隊 / Try Grafana MCP server
Avatar for kohbis kohbis
0
360
AIエージェントの継続的改善のためオブザーバビリティ
Avatar for PharmaX(旧YOJO Technologies)開発チーム pharma_x_tech
6
1.2k
QAはソフトウェアエンジニアリングを学んで実践するのが大事なの
Avatar for ymty ymty
1
400
Web3 のリアリティ / Web3 Reality
Avatar for Kenji Saito ks91
PRO
0
100
RubyOnRailsOnDevin+α / DevinMeetupJapan#2
Avatar for ginkouno ginkouno
0
450

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
35
6.7k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.3k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
39
1.8k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.7k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
657
60k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
46
14k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k

Transcript

  1. Docker Performance on Web Application JEZ@VVLJ %PDLFS.FFUVQ5PLZP

  2. id:y_uuki ӡ༻ @y_uuk1

  3. Docker Engine্Ͱɹ ΞϓϦέʔγϣϯΛɹ ಈ͔ͯ͠ੑೳྼԽ ͠ͳ͍ͷʁ

  4. None

  5. 1 DockerͷύϑΥʔϚϯεʹ ͓͍ͯॏཁͳ͜ͱ͸ͳʹ͔

  6. Linux Containers

  7. /FUXPSL /BNFTQBDF *1$ /BNFTQBDF 654 /BNFTQBDF .PVOU /BNFTQBDF 6TFS /BNFTQBDF

    1*% /BNFTQBDF

  8. /FUXPSL /BNFTQBDF *1$ /BNFTQBDF 654 /BNFTQBDF .PVOU /BNFTQBDF 6TFS /BNFTQBDF

    1*% /BNFTQBDF -JOVYΧʔωϧͷ໊લۭؒػೳͷ ू·Γ

  9. Linux Containers Χʔωϧͷ֤ϦιʔεΛ໊લۭؒͰִ཭͠ ۭͨؒͰϓϩηεΛ࣮ߦ͢Δͱ͍͏Ϟσϧ ϑΝΠϧγεςϜɼϢʔβɼϓϩηεςʔ ϒϧɼωοτϫʔΫ… etc LXC ͸ Linux

    Containers ͷϑϩϯτΤϯυ

  10. Linux Containers Overhead ୯ମͷLinux ΧʔωϧͰ׬݁͢ΔͷͰ ΦϒδΣΫτͷڞ༗ޮ཰͕Α͍ Hypervisor ͷΑ͏ʹ֤ϦιʔεΛɹɹ ೋॏॲཧ͠ͳͯ͘Α͍

  11. example/packet receive /*$ ,FSOFM 6TFSMBOE $PQZ $PQZ 4JOHMF ,FSOFM

  12. example/packet receive /*$ ,FSOFM 6TFSMBOE $PQZ $PQZ /*$ ,FSOFM ,FSOFM

    $PQZ $PQZ 4JOHMF ,FSOFM )ZQFSWJTPS 9FO ,7. 6TFSMBOE $PQZ ˞ 43*07ͳͲ)ZQFSWJTPSͰ΋ύέοτίϐʔΦʔόϔουΛগͳ͘ ͢Δ࣮૷͸͋Δ

  13. Linux Containers ͩͱ Single Kernel Ͱ଎͍

  14. Docker Filesystem -JOVY$POUBJOFST

  15. UNION Filesystem -JOVY$POUBJOFST %PDLFS'JMFTZTUFN

  16. IUUQTEPDTEPDLFSDPNUFSNTJNBHFTEPDLFSpMFTZTUFNTNVMUJMBZFSQOH UNION Filesystem Image

  17. 8SJUF*0 3FBE*0 ADBUFUDEFCJBO@WFSTJPOA

  18. 8SJUF*0 3FBE*0 8SJUF*0͸࠷্૚΁ॻ͖ࠐΈ 3FBE*0͸֘౰ϑΝΠϧΛ ֨ೲ͢Δ૚Λ୳ࡧ

  19. UNION Filesystem • AUFS, Btrfs, OverlayFS … ͳͲΛ࢖࣮ͬͯݱ • Copy

    On Write: ݪຊΛෳ੡ͨ͠;ΓΛͯ͠ ͓͍ͯ৽نॻ͖ࠐΈ͕͋ͬͨΒෳ੡Λ࡞Δ • LinuxΧʔωϧඪ४ͷ Device MapperΛ࢖ͬ ͯ΋࣮ݱͰ͖Δ

  20. Storage drivers -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN

  21. EFWJDFNBQQFS BVGT CUSGT PWFSMBZGT

  22. EFWJDFNBQQFS BVGT CUSGT PWFSMBZGT 6OJPO'4ͷ࣮૷Λબ୒Ͱ͖Δ

  23. Storage drivers devicemapper, aufs, btrfs, overrayfs (vfs) Χʔωϧඪ४ͳͨΊRHELܥͰͷɹɹ σϑΥϧτ͸ devicemapper

  24. Device Mapper ϒϩοΫσόΠε΁ͷI/Oʹ༷ʑͳม׵ΛՃ͑Δ͜ͱ͕ Ͱ͖Δ (҉߸ԽɺετϥΠϓɺϛϥʔ ͳͲ) ϒϩοΫσόΠευϥΠόϨϕϧͷ࣮૷ͳͷͰɹɹɹɹ ಛఆͷϑΝΠϧγεςϜʹґଘ͠ͳ͍ LVMͳͲͰ࢖ΘΕ͍ͯΔ docker

    commit ͕૸ΔͱsnapshotσόΠεΛ࡞੒ͯ͠Π ϝʔδ૚ͱ͢Δ

  25. Volume -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST

  26. Volume ίϯςφؒͰσΟϨΫτϦΛڞ༗͢ΔͨΊͷ΋ͷ ίϯςφ͝ͱͰ͸ͳ͘DockerάϩʔόϧͳྖҬʹ֨ ೲ͞ΕΔ ࢦఆͨ͠σΟϨΫτϦҎԼͷΠϝʔδ૚ΛόΠύε͠ ͯΞΫηε I/Oཁٻ͕Union FS෦෼Λ௨Βͳ͍ͷͰΦʔόϔου ͕গͳ͍

  27. howto/Volume EPDLFSSVOWWBSMJCNZTRMNZTRM 70-6.&WBSMJCNZTRM EPDLFSSVONZTRM %PDLFSpMF 4IFMM 4IFMM PS

  28. Docker Network -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF

  29. Portmapper -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL

  30. Portmapper ίϯςφؒ௨৴΍ίϯςφɾϗετؒ௨৴͸ϗετଆ ͷ iptables ͰNAT ! iptables͕ͳ͍؀ڥͩͱಠࣗͷϢʔβϥϯυͷϓϩη ε(docker-proxy)Ͱίϯςφؒ௨৴ "%0$,&3JEPDLFSQUDQNUDQŠEQPSUK%/"5 ŠUPEFTUJOBUJPO

    EPDLFSQSPYZQSPUPUDQIPTUJQIPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSU

  31. Host Networking -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL 1PSUNBQQFS

  32. Host Networking ίϯςφ༻ͷNetwork NamespaceΛ࡞Β ͣʹϗετͷωοτϫʔΫΛͦͷ··࢖͏ ίϯςφ͸ϗετଆͷportΛlisten͢Δ iptables΍docker-proxyΛܦ༝͠ͳͯ͘Α ͘ͳΓɺΦʔόϔου͕খ͘͞ͳΔ

  33. howto/Host Networking ! ŠFYFDESJWFSOBUJWF PS -9$Ҏ্ͰŠFYFDESJWFSMYD ͕ඞཁ EPDLFSSVOŠOFUIPTUNZTRM

  34. -JOVY$POUBJOFST %PDLFS'JMFTZTUFN 6/*0/'JMFTZTUFN 4UPSBHF%SJWFST 7PMVNF %PDLFS/FUXPSL 1PSUNBQQFS )PTU/FUXPSLJOH DockerͷύϑΥʔϚϯεʹ ͓͍ͯॏཁͳ͜ͱ͸ͳʹ͔

  35. 2 DockerԽͨ͠ ISUCONΞϓϦέʔγϣϯ ͷϕϯνϚʔΫ

  36. ISUCON *JLBOKJOJ4QFFE6Q$0/UFTU

  37. /HJOY CFODI NBSLFS .Z42- "QQ .FNDBDIFE ISUCON4 ༧બ

  38. Machine & Software Spec instance type: m3.xlarge CPU: Xeon E5-2670

    v2 @ 2.50GHz 4 vCPU Memory: 16GB RAM Storage: Magnetic volume OS: Ubuntu 14.04 LTS Kernel 3.18.0 Docker: 1.4.1 (latest) MySQL: 5.5.40, memcached: 1.4.14, Nginx:1.4.6

  39. νϡʔχϯά಺༰ • είΞ 38446 (໿ 3000 req/s) • ࢼߦ͝ͱʹ +-1000

    είΞఔ౓ͷޡࠩ • ༧બಥഁϨϕϧ • σʔλ͸શ෦ϝϞϦʹ৐Δ • ηογϣϯ৘ใͳͲ͸ memcached • Nginx Ͱ੩తϑΝΠϧΛฦ͢ • ωοτϫʔΫελοΫɺNginx, MySQL ͸ී௨ͷ νϡʔχϯά

  40. Evaluation

  41. • Nginx ͱ MySQL ΛͦΕͧΕDockerԽ • ҎԼͷ֤ํࣜΛnative(default)ͱൺֱ • Nginx͚ͩDockerԽ •

    —net=host ͱ —net=bridge • MySQL͚ͩDockerԽ • storage-driver=devicemapper ͱ storage-driver=overlayfs • Volume ͷ ON/OFF

  42. Result

  43. EFGBVMU /HJOY OFUCSJEHF /HJOY OFUIPTU   

  44. /HJOYʹύέοτ͕ू໿͢Δ /"15͢ΔΦʔόϔου͕ߴ͍

  45. EFGBVMU .Z42- EFWJDFNBQQFS WPMVNFP⒎ .Z42- EFWJDFNBQQFS WPMVNFPO .Z42- PWFSMBZGT WPMVNFP⒎

    .Z42- PWFSMBZGT WPMVNFPO     

  46. 7PMVNFͷ0/0''ͱ TUPSBHFESJWFSʹΑΔ ੑೳྼԽͳ͠

  47. 7PMVNF0''ͰมΘΒͳ͍ 3FBE*0͸ϝϞϦʹશ෦ͷΔ 8SJUF*0͸࠷্૚͚ͩ

  48. NAPTͷߴ଎Խ

  49. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j

    DOCKER

  50. -A OUTPUT E -m addrtype --dst-type LOCAL -j DOCKER

  51. 127.0.0.1Ѽͩͱiptablesͷ DockerνΣʔϯʹೖΒͳ͍

  52. docker-proxy EPDLFSQSPYZQSPUPUDQIPTUJQ IPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSUA

  53. docker-proxy EPDLFSQSPYZQSPUPUDQIPTUJQ IPTUQPSU DPOUBJOFSJQDPOUBJOFSQPSUA CPU 50%

  54. benchmarker bench --host 172.31.8.235 --init ~/init.sh --workload 8

  55. 32172 37931

  56. ͳͥ userland ͷ proxy ͕͍Δͷ͔

  57. IUUQTHJUIVCDPNEPDLFSEPDLFSQVMM

  58. Hairpin NAT

  59. )PTU $POUBJOFS EPDLFS  -*45&/ FUI FUI MP FUI FUI

  60. ETU MP FUI FUI )PTU $POUBJOFS EPDLFS  -*45&/ FUI

    FUI

  61. ETU "%0$,&3JEPDLFSQUDQNUDQEQPSU K%/"5UPEFTUJOBUJPO )PTU $POUBJOFS MP FUI FUI EPDLFS 

    -*45&/ FUI FUI

  62. ETU "%0$,&3JEPDLFSQUDQNUDQEQPSU K%/"5UPEFTUJOBUJPO )PTU $POUBJOFS MP FUI FUI EPDLFS 

    -*45&/ -*45&/ Ծ૝bridge(docker0)Λ Hairpin NAT modeʹ͠ͳ͍ͱ NAT͞Εͳ͍

  63. FDIPTZTDMBTTOFUCSCSJGFUIIBJSQJO@NPEF

  64. IUUQTHJUIVCDPNEPDLFSEPDLFSQVMM

  65. None

  66. 3)&-BOE$FOU04 SFBEPOMZTZT

  67. 1. DockerͷύϑΥʔϚϯεʹ͍ͭͯ ॏཁͳࣄ͸ͳʹ͔ 2. DockerԽͨ͠ISUCONΞϓϦέʔ γϣϯͷϕϯνϚʔΫ

  68. Linux Containers Docker Filesystem UNION Filesystem Storage drivers Volume Docker

    Network Portmapper Host Networking

  69. Linux Containers Docker Filesystem UNION Filesystem Storage drivers Volume Docker

    Network Portmapper (Performance issue) Host Networking
  70. None

  71. IUUQIBUFOBDPSQKQSFDSVJUDBSFFSTBMFTFOHJOFFS ηʔϧεΤϯδχΞ৬

  72. ! 8FCΦϖϨʔγϣϯΤϯδχΞ Λืू͓ͯ͠Γ·͢