Today I Learned
Today I Learned. Why are we bothering writing things in a blog?
It is a drop in the ocean called Internet but I believe in it. That is the key.
And somehow it can helps us to discover the signal from the noise
Maybe not totally related to this post, but I think you can find that book interesting.
Are we making noise?
From different links, I ended here:
https://en.wikipedia.org/wiki/IBM_and_the_Holocaust
I was quite surprised about the backgroup and links between both sides. We know that there are still some big companies today that had collaborations with the regime in that time. But I didnt know any one related to today’s IT.
Today I had to troubleshoot a websocket issue. I had never dealt with this before. I was told that HAproxy config was fine that it was to be our NGFW doing something nasty at L7.
The connection directly to the server doing websocket was fine from my PC but for some requirement we need to put that server behing a HAproxy. From my PC to the haproxy that is doing “proxy” fore the websocket service failed…
Funny enough HAproxy and the websocket service were running in the same host.
As usual I took a look at the firewall logs. Nothing wrong there at first sight. I took a tcpdump from my pc when connecting to the websocket service and to the haproxy.
The service is very verbose and it is difficult to follow in the capture files as it spawns several connections. I went to the easy part, the capture to the haproxy was showing a lot of TCP retransmissions… The other trace to the websocket service was pretty clean.
Taking into account that the path from my PC to the haproxy server is the always the same (and I was going through a VPN) I could think it was a NGFW issue or something between HAproxy and the websocket service (that is a localhost connection).
As well, I was seeing weird things latency wise. Some TCP resets were taking more than 200ms to arrive to the server when the average RTT was 3ms.
I tried to take a tcpdump between the haproxy service and the websocket service just in case that packet loss was caused locally. The capture was chaos to follow. I had to understand better the sessions in HAproxy.
I changed direction and I went to the NGFW and created a rule that disabled any fancy security check for me to the haproxy server. I wanted to be sure the firewall was innocent.
It was. Same issue. I tried different browsers and always the same.
So I was nearly sure the problem was in HAproxy but I had to prove it. I kind of failed checking the backend connection (haproxy to websockt proxy) so I took again a look to the trace from my pc to haproxy. I was quite frustrated because there was so many connetions openned and then retransmissions started happening that I couldnt really see any problem.
By luck, I noticed that in the good trace (the one going directly to the websocket service) I could see a HTTP GET request for “socket” from my PC. Keep in mind that I have no idea how websocket works. I tried to find a similar request in the haproxy trace, and I saw the problem….
and this is a good connection:
So at the end, HAproxy was at fault (we dont know how to fix it though yet) and my firewall (for once) it is innocent.
The summary, I got overwhelmed by the TCP retransmissions. I was lucky that I saw the GET socket and I assumed that had to be the way to get the websocket connection established. So I should have started investigating how a websocket connections is stablished. As well, I didnt manage to find the HAproxy logs, I am pretty sure I should have found the same answer. So I need to learn to check that.
I learned something new. As usual, it didnt come easy neither quick ๐
One more cloudflare blog that I had in the to-read list:
https://blog.cloudflare.com/when-bloom-filters-dont-bloom
I had never heard about Bloom filters so that was interesting and the actual uses of them:
https://en.wikipedia.org/wiki/Bloom_filter#Examples
I like his point to chose ‘m’, number of bits in the bit array, to be a power of two (module operation becomes a bitwise AND):
But at the end, it is not all about the Bloom filters. It is understanding how things work under the hood and see if they are actually delivering, if not, you should change your approach. So the debugging section “A secret weapon – a profiler” is very good. Profiling is not one of my strengths so the tools used are the ones I need to understand and use more often:
strace -cf perf stat -d perf record perf record | head -n 20 perf annotate process_line --source google-perftools' with kcachegrind
As well the reference to the performance numbers that are good to have in mind:
So I take a copy here:
Things to take in mind:
As well, “The lessons learned” is a great summary of his trip.
So another great post from Marek.
I had in my backlog a long post from Cloudflare about the history of URL. It actually contains much more info. So it is a really nice reading:
https://blog.cloudflare.com/the-history-of-the-url
There are many things that I didnt know but these two caught my attention:
The root DNS zone of the internet is composed of thirteen DNS server clusters. There are only 13 server clusters, because thatโs all we can fit in a single UDP packet. Historically, DNS has operated through UDP packets, meaning the response to a request can never be more than 512 bytes.
I knew there were 13 root DNS cluster but I didnt think the reason why was the UDP packet size!
And from Punycode, interesting you can create emoji urls!
I use gkrellm as my linux monitoring app. I have used it since I started but something I miss is I would like to know what app and destination IPs are causing a traffic spike in my laptop.
Searching a bit a come up with this page with several tools:
Based on my requirement, it seems I need two apps.
Now it is case of remembering the commands ๐ But as far as I have tested. It seems they can do the job.
This is nothing new. But I was reading an article about it and was a good refresh:
https://lwn.net/Articles/748106/
The article is a couple of years old but I think it is still relevant. Most people I know they have their infrastructure in the cloud. In my current job we are still based on bare metal due to the nature of our business but some years ago we were in that point when deciding what to do with our CI/CD environment. I wasnt involved in that decision (only in the deployment/implementation). Our capex was higher but long term (3y), it was cheaper to build in premise than in the cloud. I agree with the article that when you dont know how things are going to grow, scale requirements, etc cloud is the best choice. Once you ran pass the start-up phase, you should reconsider the position.
A couple of weeks ago, at work, sysadmin guys were working on some ZFS issues. They were talking about ZIL and ARC, and I had no idea what was that.
I always wanted to run ZFS, so I think early 2019 I configured my laptop to use ZFS, not in the root partition but in a different partition. I had to configure my Debian Testing to support ZFS (I dont remember if it was very difficult) and then backup some data to make room for my new ZFS partition.
For ZFS basics, you can follow the link below but there are many good tutorial searching in your favourite engine:
In my case, it is a laptop, so I just have one pool that is based on my LV “storage”. I think this was the command I used:
#zpool create -o mountpoint=/home/username storage /dev/mapper/laptop--vg-storage
That would give me the following:
# zpool status pool: storage state: ONLINE status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable. action: Enable all features using 'zpool upgrade'. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(5) for details. scan: scrub repaired 0B in 0 days 00:10:39 with 0 errors on Sun Jan 12 00:34:40 2020 config: NAME STATE READ WRITE CKSUM storage ONLINE 0 0 0 laptop--vg-storage ONLINE 0 0 0 errors: No known data errors #
And that would be mounted where I requested
$ df -hT | grep zfs storage zfs 176G 73G 103G 42% /home/username/storage
This is too basic, in most cases your will want to have a kinf of RAID. But again, this is a simple laptop. As well, you can configure snapshots (useful if you want to have rollback a server upgrade that involves a huge amount of data) and other performance parameters (as per document below):
https://www.percona.com/live/17/sites/default/files/slides/pl17_ZFS_MySQL_Salesforce_0.pdf
So once you have your ZFS configured and mounted you can work with it as usual.
So back to the ZIL and ARC. Based on the links below:
In my laptop, I dont have any space left to play with this, so I can only check in my employer systems.
I have read the below article and I am going to give it a go in my laptop
https://www.simula.no/file/lj-219-jul-2012pdf/download
First, check the status of tcp thin:
# sysctl net.ipv4.tcp_thin_linear_timeouts
net.ipv4.tcp_thin_linear_timeouts = 0I have realised that I dont have “/proc/sys/net/ipv4/tcp_thin_dupack” as the article mentions…
Ok, let update the value and be sure is still active after reboot.
Enable the value:
# echo "1" > /proc/sys/net/ipv4/tcp_thin_linear_timeouts
# sysctl net.ipv4.tcp_thin_linear_timeouts
net.ipv4.tcp_thin_linear_timeouts = 1Make it permanent, edit /etc/sysctl.conf like this
# Based on https://www.simula.no/file/lj-219-jul-2012pdf/download # enabling tcp thin-steam modifications for reducing latency in interactive apps net.ipv4.tcp_thin_linear_timeouts = 1
Now it is time to test and see if you see any improvement or degradation!
This week attended a webinar from Alex Blewitt about CPU microarchiteture to increase application performance. The link was sent by a work colleague but you can get pdf and see the presentation from the below source:
https://www.infoq.com/presentations/microarchitecture-modern-cpu
The presentation is obviously very interesting. You need to know your CPU to get the most of it.
How can I see my CPU architecture? “lstopo” (graphic) or “lstopo-no-graphics” is your friend. This is from my laptop.
# lstopo-no-graphics
Machine (7934MB total)
Package L#0
NUMANode L#0 (P#0 7934MB)
L3 L#0 (4096KB)
L2 L#0 (256KB) + L1d L#0 (32KB) + L1i L#0 (32KB) + Core L#0
PU L#0 (P#0)
PU L#1 (P#2)
L2 L#1 (256KB) + L1d L#1 (32KB) + L1i L#1 (32KB) + Core L#1
PU L#2 (P#1)
PU L#3 (P#3)
HostBridge
PCI 00:02.0 (VGA)
PCIBridge
PCI 02:00.0 (Network)
Net "wlp2s0"
PCI 00:1f.2 (SATA)
Block(Disk) "sda"
Misc(MemoryModule)
Misc(MemoryModule)
#As you can see, my humble laptop just have one NUMA node, with two cores/processors, and two hyperthreads per core.
But in a server, very likely you will have more NUMA nodes, more cores and more processors so you want to be sure that is used properly.
I am not expert in CPU performance at all but there many important points like memory allocation, huge pages, pinning memory/threads (isolcpu, taskset, etc), compiler strategies and tools to test the performance. Some of them ring the bell and it is nice to know that exist. You never know when you will have to dive in this type of water.