Chapter 1. Real-time kernel tuning in RHEL 8
Latency, or response time, refers to the time from an event and to the system response. It is generally measured in microseconds (μs).
For most applications running under a Linux environment, basic performance tuning can improve latency sufficiently. For those industries where latency must be low, accountable, and predictable, Red Hat has a replacement kernel that can be set for latency to meet those requirements. RHEL for Real Time 8
provides seamless integration with RHEL 8
and offers clients the opportunity to measure, configure, and record latency times within their organization.
Use the real-time kernel for well-tuned systems and for applications with extremely high determinism requirements. With kernel system tuning, you can achieve good improvement in determinism. Before you begin, perform general system tuning of the standard RHEL 8
system and then deploy the RHEL for Real Time kernel.
Failure to perform these tasks might prevent a consistent performance from a RHEL for Real Time deployment.
1.1. Tuning guidelines
Real-time tuning is an iterative process; you will almost never be able to tweak a few variables and know that the change is the best that can be achieved. Be prepared to spend days or weeks narrowing down the set of tuning configurations that work best for your system.
Additionally, always make long test runs. Changing some tuning parameters then doing a five minute test run is not a good validation of a particular set of tuning changes. Make the length of your test runs adjustable and run them for longer than a few minutes. You can narrow down to a few different tuning configuration sets with test runs of a few hours, then run those sets for many hours or days at a time to detect corner-cases of highest latency or resource exhaustion.
- Build a measurement mechanism into your application, so that you can accurately gauge how a particular set of tuning changes affect the application’s performance. Anecdotal evidence, for example, "The mouse moves more smoothly" is usually wrong and can vary. Do hard measurements and record them for later analysis.
- It is very tempting to make multiple changes to tuning variables between test runs, but doing so means that you do not have a way to narrow down which tuning parameter affected your test results. Keep the tuning changes between test runs as small as you can.
- It is also tempting to make large changes when tuning, but it is almost always better to make incremental changes. You will find that working your way up from the lowest to highest priority values will yield better results in the long run.
-
Use the available tools. The
tuna
tuning tool makes it easy to change processor affinities for threads and interrupts, thread priorities and to isolate processors for application use. Thetaskset
andchrt
command line utilities allow you to do most of whattuna
does. If you run into performance problems, theftrace
andperf
utilities can help locate latency problems. - Rather than hard-coding values into your application, use external tools to change policy, priority and affinity. Using external tools allows you to try many different combinations and simplifies your logic. Once you have found some settings that give good results, you can either add them to your application, or set up startup logic to implement the settings when the application starts.
1.2. Balancing logging parameters
The syslog
server forwards log messages from programs over a network. The less often this occurs, the larger the pending transaction is likely to be. If the transaction is very large, it can cause an I/O spike. To prevent this, keep the interval reasonably small.
The system logging daemon, syslogd
, is used to collect messages from different programs. It also collects information reported by the kernel from the kernel logging daemon, klogd
. Typically, syslogd
logs to a local file, but it can also be configured to log over a network to a remote logging server.
Procedure
To enable remote logging:
- Configure the machine to which the logs will be sent. For more information, see Remote Syslogging with rsyslog on Red Hat Enterprise Linux.
Configure each system that will send logs to the remote log server, so that its
syslog
output is written to the server, rather than to the local file system. To do so, edit the/etc/rsyslog.conf
file on each client system. For each of the logging rules defined in that file, replace the local log file with the address of the remote logging server.# Log all kernel messages to remote logging host. kern.* @my.remote.logging.server
The example above configures the client system to log all kernel messages to the remote machine at
@my.remote.logging.server
.Alternatively, you can configure
syslogd
to log all locally generated system messages, by adding the following line to the/etc/rsyslog.conf
file:# Log all messages to a remote logging server: . @my.remote.logging.server
The syslogd
daemon does not include built-in rate limiting on its generated network traffic. Therefore, Red Hat recommends that when using RHEL for Real Time systems, only log messages that are required to be remotely logged by your organization. For example, kernel warnings, authentication requests, and the like. Other messages should be logged locally.
Additional resources
-
syslog(3)
man page -
rsyslog.conf(5)
man page -
rsyslogd(8)
man page
1.3. Improving performance by avoiding running unnecessary applications
Every running application uses system resources. Ensuring that there are no unnecessary applications running on your system can significantly improve performance.
Prerequisites
- You have root permissions on the system.
Procedure
Do not run the graphical interface where it is not absolutely required, especially on servers.
Check if the system is configured to boot into the GUI by default:
# systemctl get-default
If the output of the command is
graphical.target
, configure the system to boot to text mode:# systemctl set-default multi-user.target
Unless you are actively using a Mail Transfer Agent (MTA) on the system you are tuning, disable it. If the MTA is required, ensure it is well-tuned or consider moving it to a dedicated machine.
For more information, refer to the MTA’s documentation.
ImportantMTAs are used to send system-generated messages, which are executed by programs such as
cron
. This includes reports generated by logging functions likelogwatch()
. You will not be able to receive these messages if the MTAs on your machine are disabled.Peripheral devices, such as mice, keyboards, webcams send interrupts that may negatively affect latency. If you are not using a graphical interface, remove all unused peripheral devices and disable them.
For more information, refer to the devices' documentation.
Check for automated
cron
jobs that might impact performance.# crontab -l
Disable the
crond
service or any unneededcron
jobs.- Check your system for third-party applications and any components added by external hardware vendors, and remove any that are unnecessary.
Additional resources
-
cron(8)
man page
1.4. Non-Uniform Memory Access
The taskset
utility only works on CPU affinity and has no knowledge of other NUMA resources such as memory nodes. If you want to perform process binding in conjunction with NUMA, use the numactl
command instead of taskset
.
For more information about the NUMA API, see Andi Kleen’s whitepaper An NUMA API for Linux.
Additional resources
-
numactl(8)
man page
1.5. Ensuring that debugfs is mounted
The debugfs
file system is specially designed for debugging and making information available to users. It is mounted automatically in RHEL 8 in the /sys/kernel/debug/
directory.
The debugfs
file system is mounted using the ftrace
and trace-cmd
commands.
Procedure
To verify that debugfs
is mounted:
Run the following command:
# mount | grep ^debugfs debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime,seclabel)
If
debugfs
is mounted, the command displays the mount point and properties fordebugfs
.If
debugfs
is not mounted, the command returns nothing.
1.6. InfiniBand in RHEL for Real Time
InfiniBand is a type of communications architecture often used to increase bandwidth, improve quality of service (QOS), and provide for failover. It can also be used to improve latency by using the Remote Direct Memory Access (RDMA) mechanism.
The support for InfiniBand on RHEL for Real Time is the same as the support available on Red Hat Enterprise Linux 8. For more information, see Configuring InfiniBand and RDMA networks.
1.7. Using RoCEE and High-Performance Networking
RoCEE
(RDMA over Converged Enhanced Ethernet) is a protocol that implements Remote Direct Memory Access (RDMA) over Ethernet networks. It allows you to maintain a consistent, high-speed environment in your data centers, while providing deterministic, low latency data transport for critical transactions.
High Performance Networking
(HPN) is a set of shared libraries that provides RoCEE
interfaces into the kernel. Instead of going through an independent network infrastructure, HPN
places data directly into remote system memory using standard Ethernet infrastructure, resulting in less CPU overhead and reduced infrastructure costs.
Support for RoCEE
and HPN
under RHEL for Real Time does not differ from the support offered under RHEL 8.
Additional resources
1.8. Tuning containers for RHEL for real-time
The main RHEL kernels enable the real time group scheduling feature, CONFIG_RT_GROUP_SCHED
, by default. However, for real-time kernels, this feature is disabled.
The CONFIG_RT_GROUP_SCHED
feature was developed independently of the PREEMPT_RT
patchset used in the kernel-rt
package and is intended to operate on real time processes on the main RHEL kernel. The CONFIG_RT_GROUP_SCHED
feature might cause latency spikes and is therefore disabled on PREEMPT_RT
enabled kernels. Therefore, when testing your workload in a container running on the main RHEL kernel, some real-time bandwidth must be allocated to the container to be able to run the SCHED_FIFO
or SCHED_RR
tasks inside it.
Procedure
Configure the following global setting before using podman’s
--cpu-rt-runtime
command line option:# echo 950000 > /sys/fs/cgroup/cpu,cpuacct/machine.slice/cpu.rt_runtime_us
- For CPU isolation, use the existing recommendations for setting aside a set of cores for the RT workload.
-
Run
podman run --cpuset-cpus
with the list of isolated CPU cores to be used. Specify the Non-Uniform Memory Access (NUMA) memory nodes to use.
*podman run --cpuset-mems=number-of-memory-nodes
This avoids cross-NUMA node memory access.
-
To verify that the minimal amount of memory required by the real-time workload running on the container is available at container start time, use the
*podman run --memory-reservation=limit
command.
Additional resources
-
podman-run(1)
man page