Slashdot Mirror
Virtualizing Cuts Web App Performance 43%
czei writes "This just-released research report, Load Testing a Virtual Web Application, looks at the effects of virtualization on a typical ASP Web application, using VMWare on Linux to host a Windows OS and IIS web server. While virtualizing the server made it easier to manage, the number of users the virtualized Web app could handle dropped by 43%. The article also shows interesting graphs of how hyper-threading affected the performance of IIS." The report urges readers to take this research as a data point. No optimization was done on host or guest OS parameters.
Who uses VMWare Server in a production environment anyway? We run all of our Web services, Exchange servers and SQL databases in VMWare's Virtual Infrastructure 3. VMWare Player and Server are only ment for lab evironments and low load applications. VMWare even says as much on their website. Either this is just FUD or the author is an idiot. In other news water is wet.
They performed the test on VMware Server not VMware ESX Server which is what most enterprises will use. VMware ESX Server runs on "bare metal", so it does not have the overhead of the host operating system.
My first attempt at virtualization was last September with VMWare Server. During testing everything seemed fine. When everything was using it, performance was awful. Everything crawled. I ended up doing an all-nighter to move everything back to a regular server. Note, I wasn't overloading things. There was only one VM on the host. The memory was fixed, not paged to a disk like it is by default. The hard drive was preallocated. My intention for virtualization was to make things easier to manage.
That's when I started experimenting with Xen. This time I put the test under a very high load, and it seemed to handle everything well. I deployed it in October and so far there hasn't been a single performance issue.
I'm now totally addicted to Xen. I create Vms all the time, have split up services into different VMs (ie, when cups crashes it no longer takes out the copy of samba that handles logins, damn I hate cups). So far, no performance issues at all.
VMware Server 1.0.1 is their free virtualization product that runs on a host OS (linux or Windows). Most enterprises will use VMware ESX Server 3 with the VMware Virtual Infrastructure 3 series of products as it runs on "bare metal" and does not have the overhead of the host OS.
The hyperthreaded capacity was actually 390 so a 3% gain.
If eth0 is shared between host and guest OS and host OS is Linux:
# ethtool -K eth0 tso off
With paravirtualised devices, or devices that are virtualisation-aware, a VM can be within 10% of the performance of a real machine quite easily. Without I'm surprised they even got to 57% of native performance for web applications.
I am TheRaven on Soylent News
No it's not insane. Lots of customers want full root access on their systems so they can install whatever they want (different database or other servers, or even alternate OS's). Virtualization is the only way to go for that.
It isn't surprising that VMWare would be bad at a web-app workload. See the original paper on Xen:
/ 2003-xensosp.pdf
http://www.cl.cam.ac.uk/research/srg/netos/papers
Top of page 9 has a chart comparing native Linux, Xen, VMWare, and UML for different workloads. They show VMWare degrading performance by over 70% for SPECWEB 99.
Web applications are OS intensive; while VMWare is quite good at pure CPU-bound tasks, it has to perform a lot of emulation whenever you are running inside the OS. So it will stink at anything with lots of small IO, lots of metadata operations, or lots of process creation/switching. For example, VMWare shows a whopping 90% slowdown for OLTP database workloads, according to the Xen paper, and it really isn't surprising. The OS microbenchmarks in the above paper (page 10) show that VMWare has abysmal performance for things like fork(), exec(), mmap(), page faults, and context switches.
Basically, Xen doesn't have to emulate the OS, because they make modifications to the OS. VMWare does dynamic binary rewriting (think fancy emulation) to run an unmodified OS; they therefore pay through the nose in performance overhead for OS-intensive workloads.
VMware's vmxnet driver is paravirtualized and it does provide better performance than the traditional pcnet32 virtual device driver, which operates 100% on software to maintain compatibility with other OSs.
Regarding paravirtualization, it's already known that the new VMware Workstation 6 (currently in beta) and presumably the next version of VMware Server, will support VMware's version of paravirtualization called VMI, which was officially accepted as part of the stock Linux kernel starting on 2.6.21. This may help boosting the performance of Linux-based VMs significantly, and unlike the Xen version, it will boot a single kernel image, regardless of the physical or virtual underlying hardware platform.
AssignUserId only works with the perchild MPM, which has the following caveat: "This module is not functional. Development of this module is not complete and is not currently active. Do not use perchild unless you are a programmer willing to help fix it."
Thus, AssignUserId should NOT be used. SuExec can be used, of course, but that has its own limitations.
Personally, I give users their own Apache processes on their own port (>1024) and use a reverse proxy. I make a living on it.
But it highlights one thing: if you hand virtualization to clueless people, you'll get bad perfs.
It also shows, both in the article and in the comments here, the severe misunderstanding surrounding the concept of "virtualization".
I see lots of clueless people saying "uh, of course, virtualization perfs sucks". I think those people don't realize today's virtualization technology ain't grandpa's past-century emulators.
There are today virtualization technologies that offer basically native speeds. Xen can now run in two modes (para-virt or hardware-virt, the latter if the MOBO/BIOS/CPU supports Intel-VT / AMD-V)... In paravirt mode Xen offers native speeds (the overhead is so small you'll have a hard-time measuring it). Better: network I/O ain't good enough for you? Simply "passthrough" a PCI device (say a PCI network card) to your paravirtualized guest. The guest (and only the guest) is directly accessing the PCI card (no more network I/O problems). But you can't run Windows on Linux using paravirt under Xen...
In hardware-virtualized mode, under Xen (or KVM, which only does hardware-virt), you can run Windows. Network and disk I/O, for hardware virt, at this point sucks. However you can install special drivers in your guest to make it speedier (drivers for Windows under Xen are $$$ and under development for KVM).
But, wait, there's more to come... Next gen IOMMU is around the corner. And as soon as it gets implemented in Xen, the already super-fast virtualized system gets an additional boost and you'll have something even closer to native, even when running Windows under Xen.
If you think "virtualization will always be slower" you need a reality check: the CPU makers are working hard so that the virtualization overhead becomes irrelevant. And suddenly the ones not using virtualization will find themselves with a less capable, less secure, less maintanable box being, in some particular, anecdotical, cases only 0.05% faster.
Virtualization is here to stay and the overhead, already very small today, will keep shrinking.
If you have a real need to run 100 separate Apache instances, then you'll want something much higher-level than VMWare. For us, that would be a FreeBSD jail, where each instance would get its own chrooted home directory and IP address. That way, you're not allocating resources to 100 little-used OS images; each shares from the same memory and hard drive pool. Jails are slightly limited in that I'd like a way to limit CPU and memory allocation, but in practical application this really works very well today.
Dewey, what part of this looks like authorities should be involved?
It's not just support reasons. A lot of MSFT products require a dedicated server because they use the Default Web Site in IIS ;) Multi-Tenancy is not an option for many even modern server products. So, virtualize the server.
Cool! Amazing Toys.
Of those, only the last is relevant to FreeBSD jail setups. If I created a jail for you and gave you root, you would be root, full stop. The only things you could do would be install your own kernel (since only one kernel - that of the host OS - is running). We use them to virtualize multiple distinct systems on the same hardware, with the idea that the mailserver always runs under a light load and doesn't interfere with the database server hosted on the same machine.
There's a decent Wikipedia article on the subject, even if it kind of comes across like an advertisement. In short, it sounds like your hosting provider ran a bad server. Don't extrapolate their incompetence to the general state of the art.
Assuming a strategy like copy-on-write, I can understand how two instances started from the same configuration could begin with most of their memory shared. However, it seems like that would eventually become a tiny percentage of their actual address space as processes start and die, allocate memory and free it, etc. I mean, to the best of my knowledge, when Unix fork()s a process, it doesn't keep track of when it can later re-merge the address space of the parent and child. They may start as identical copies, but pretty soon their data segments will be completely different. In the case where each process is actually a virtualized system where the data segment is hugely bigger than the shared code, I'd think that would happen pretty quickly.
Dewey, what part of this looks like authorities should be involved?