-
Notifications
You must be signed in to change notification settings - Fork 557
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: add documentation on performance tuning
Thanks to various people who submitted this information over time, and special thanks to @maxpain for IOMMU fix. Fixes #9539 Signed-off-by: Andrey Smirnov <[email protected]>
- Loading branch information
Showing
2 changed files
with
150 additions
and
0 deletions.
There are no files selected for viewing
75 changes: 75 additions & 0 deletions
75
website/content/v1.8/talos-guides/configuration/performance-tuning.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| --- | ||
| title: "Performance Tuning" | ||
| description: "In this guide, we'll describe various performance tuning knobs available." | ||
| --- | ||
|
|
||
| Talos Linux tries to strike a balance between performance and security/efficiency. | ||
| However, there are some performance tuning knobs available to adjust the system to your needs. | ||
| With any performance tuning, it's essential to measure the impact of the changes and ensure they don't introduce security vulnerabilities. | ||
|
|
||
| > Note: Most of the suggestions below apply to bare metal machines, but some of them might be useful for VMs as well. | ||
| If you find more performance tuning knobs, please let us know by editing this document. | ||
|
|
||
| ## Kernel Parameters | ||
|
|
||
| Talos Linux kernel parameters can be adjusted in the following ways: | ||
|
|
||
| * temporary, one-time adjustments can be done via console access, and editing the kernel command line in the bootloader (doesn't work for Secure Boot enabled systems) | ||
| * on initial install (when booting off ISO/PXE), `.machine.install.extraKernelArgs` can be used to set kernel parameters | ||
| * after the initial install (or when booting off a disk image), `.machine.install.extraKernelArgs` changes require a no-op upgrade (e.g. to the same version of Talos) to take effect | ||
|
|
||
| ### CPU Scaling | ||
|
|
||
| Talos Linux uses the `schedutil` [CPU scaling governor](https://docs.kernel.org/admin-guide/pm/cpufreq.html) by default, for maximum performance, you can switch to the `performance` governor: | ||
|
|
||
| ```text | ||
| cpufreq.default_governor=performance | ||
| ``` | ||
|
|
||
| ### Processor Sleep States | ||
|
|
||
| Modern processors support various sleep states to save power, but they might introduce latency when transitioning back to the active state. | ||
|
|
||
| #### AMD | ||
|
|
||
| For maximum performance (and lower latency), use `active` mode of the [amd-pstate driver](https://docs.kernel.org/admin-guide/pm/amd-pstate.html): | ||
|
|
||
| ```text | ||
| amd_pstate=active | ||
| ``` | ||
|
|
||
| #### Intel | ||
|
|
||
| For maximum performance (and lower latency), disable the `intel_idle` driver: | ||
|
|
||
| ```text | ||
| intel_idle.max_cstate=0 | ||
| ``` | ||
|
|
||
| ### Hardware Vulnerabilities | ||
|
|
||
| Modern processors have various [security vulnerabilities](https://docs.kernel.org/admin-guide/hw-vuln/index.html) that require software/microcode mitigations. | ||
| These mitigations might have a performance impact, and some of them can be disabled if you are willing to take the risk. | ||
|
|
||
| First of all, ensure that Talos system extensions `amd-ucode` and `intel-ucode` are installed (and using latest version of Talos Linux). | ||
| Linux kernel will load the microcode updates on early boot, and for some processors, it might reduce the performance impact of the mitigations. | ||
| The availability of microcode updates depends on the processor model. | ||
|
|
||
| The kernel command line argument `mitigations` can be used to disable all mitigations at once (not recommended from security point of view): | ||
|
|
||
| ```text | ||
| mitigations=off | ||
| ``` | ||
|
|
||
| There is also a way to disable specific mitigations, see [Kernel documentation](https://docs.kernel.org/admin-guide/hw-vuln/index.html) for more details. | ||
|
|
||
| ### I/O | ||
|
|
||
| For Talos Linux before version 1.8.2, the I/O performance can be improved by setting `iommu.strict=0`, for later versions this is a default setting. | ||
|
|
||
| Performance can be further improved at some cost of security by bypassing the I/O memory management unit (IOMMU) for DMA: | ||
|
|
||
| ```text | ||
| iommu.passthrough=1 | ||
| ``` |
75 changes: 75 additions & 0 deletions
75
website/content/v1.9/talos-guides/configuration/performance-tuning.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| --- | ||
| title: "Performance Tuning" | ||
| description: "In this guide, we'll describe various performance tuning knobs available." | ||
| --- | ||
|
|
||
| Talos Linux tries to strike a balance between performance and security/efficiency. | ||
| However, there are some performance tuning knobs available to adjust the system to your needs. | ||
| With any performance tuning, it's essential to measure the impact of the changes and ensure they don't introduce security vulnerabilities. | ||
|
|
||
| > Note: Most of the suggestions below apply to bare metal machines, but some of them might be useful for VMs as well. | ||
| If you find more performance tuning knobs, please let us know by editing this document. | ||
|
|
||
| ## Kernel Parameters | ||
|
|
||
| Talos Linux kernel parameters can be adjusted in the following ways: | ||
|
|
||
| * temporary, one-time adjustments can be done via console access, and editing the kernel command line in the bootloader (doesn't work for Secure Boot enabled systems) | ||
| * on initial install (when booting off ISO/PXE), `.machine.install.extraKernelArgs` can be used to set kernel parameters | ||
| * after the initial install (or when booting off a disk image), `.machine.install.extraKernelArgs` changes require a no-op upgrade (e.g. to the same version of Talos) to take effect | ||
|
|
||
| ### CPU Scaling | ||
|
|
||
| Talos Linux uses the `schedutil` [CPU scaling governor](https://docs.kernel.org/admin-guide/pm/cpufreq.html) by default, for maximum performance, you can switch to the `performance` governor: | ||
|
|
||
| ```text | ||
| cpufreq.default_governor=performance | ||
| ``` | ||
|
|
||
| ### Processor Sleep States | ||
|
|
||
| Modern processors support various sleep states to save power, but they might introduce latency when transitioning back to the active state. | ||
|
|
||
| #### AMD | ||
|
|
||
| For maximum performance (and lower latency), use `active` mode of the [amd-pstate driver](https://docs.kernel.org/admin-guide/pm/amd-pstate.html): | ||
|
|
||
| ```text | ||
| amd_pstate=active | ||
| ``` | ||
|
|
||
| #### Intel | ||
|
|
||
| For maximum performance (and lower latency), disable the `intel_idle` driver: | ||
|
|
||
| ```text | ||
| intel_idle.max_cstate=0 | ||
| ``` | ||
|
|
||
| ### Hardware Vulnerabilities | ||
|
|
||
| Modern processors have various [security vulnerabilities](https://docs.kernel.org/admin-guide/hw-vuln/index.html) that require software/microcode mitigations. | ||
| These mitigations might have a performance impact, and some of them can be disabled if you are willing to take the risk. | ||
|
|
||
| First of all, ensure that Talos system extensions `amd-ucode` and `intel-ucode` are installed (and using latest version of Talos Linux). | ||
| Linux kernel will load the microcode updates on early boot, and for some processors, it might reduce the performance impact of the mitigations. | ||
| The availability of microcode updates depends on the processor model. | ||
|
|
||
| The kernel command line argument `mitigations` can be used to disable all mitigations at once (not recommended from security point of view): | ||
|
|
||
| ```text | ||
| mitigations=off | ||
| ``` | ||
|
|
||
| There is also a way to disable specific mitigations, see [Kernel documentation](https://docs.kernel.org/admin-guide/hw-vuln/index.html) for more details. | ||
|
|
||
| ### I/O | ||
|
|
||
| For Talos Linux before version 1.8.2, the I/O performance can be improved by setting `iommu.strict=0`, for later versions this is a default setting. | ||
|
|
||
| Performance can be further improved at some cost of security by bypassing the I/O memory management unit (IOMMU) for DMA: | ||
|
|
||
| ```text | ||
| iommu.passthrough=1 | ||
| ``` |