Alibaba Cloud Linux: Disable the estimation feature of IPVS to prevent network jitters

Last Updated: Jun 21, 2024

By default, the IP Virtual Server (IPVS) module of the Linux operating system enables the estimation feature. When a large server hosts a large number of services, such as in a large-scale Kubernetes cluster, the estimation feature may cause latency of tens to hundreds of milliseconds or network jitters when the server processes network requests. You can disable the estimation feature of IPVS for Alibaba Cloud Linux images. If you do not use the feature to collect statistics such as the number of packets and connections, we recommend that you disable it to eliminate the additional overheads and jitters that occur during statistics collection.

Background information

IPVS

IPVS is a Linux kernel component that directs TCP and UDP service requests to real servers to implement kernel-mode Layer 4 Server Load Balancer (SLB) operations. In Kubernetes, IPVS can serve as the proxy for the Kube-proxy component to forward service requests to backend pods and load balance Kubernetes services. In large-scale clusters, IPVS can provide faster response and higher resource utilization to meet inter-service traffic distribution and load balancing requirements.

Note

Kube-proxy is an important component in a Kubernetes cluster that implements the network proxy and load balancing features for services.

The estimation feature of IPVS and the cause of network request latency or jitters

IPVS has a built-in timer named estimation_timer, which is used to count the number of connections and the number of data packets sent and received by each service in each time slice. The timer is enabled by default.

The estimation feature of IPVS causes network request latency or jitters due to the following reasons:

  • As the number of services increases, the amount of computation increases in a linear manner. To reduce the overheads of computing and storage resources, the kernel stores statistical data on a CPU basis. As the number of CPUs used by the kernel increases, the number of CPUs the kernel must traverse to collect statistics also increases. If the numbers of services and CPUs increase, the statistical overheads of each estimation_timer significantly increase.

  • In Linux, timer execution is assigned a high priority. When a timer task is executed, other tasks cannot be executed. This results in a delay in packet reception. A latency of tens to hundreds of milliseconds occurs when applications send requests to the server. In this case, jitters occur during the ping operation on the server.

Limits

You can disable the estimation feature of IPVS only for Alibaba Cloud Linux images that run the following kernel versions:

  • Alibaba Cloud Linux 2: 4.19.91-22 or later

  • Alibaba Cloud Linux 3: 5.10.134-14 or later

Disable the estimation feature to resolve the network jitter issue

Important

When you disable the estimation feature of IPVS, the service statistics feature of IPVS becomes unavailable, including the statistics displayed by commands such as the sudo ipvsadm -Ln --stats command. As a result, you cannot obtain the changes in the number of connections and the number of received packets for the corresponding services. Evaluate the impacts on the corresponding business. Proceed with caution when you disable the estimation feature.

  1. Connect to an Elastic Compute Service (ECS) instance.

    For more information, see Connect to a Linux instance by using a password or key.

  2. Disable the estimation feature on the ECS instance.

    1. Run the following command to open the sysctl configuration file named /etc/sysctl.conf:

      sudo vim /etc/sysctl.conf
    2. Add the following line at the end of the file. Then, save and close the file.

      net.ipv4.vs.run_estimation = 0
    3. Run the following command to allow the modified configuration to take effect:

      sudo sysctl -p
    4. In container scenarios, you must perform the following operations to disable the estimation feature.

      • Scenario 1: Each time the IPVS module is reloaded, you must run the sysctl -p command to allow the configuration to take effect. We recommend that you use the modprobe configuration file to automatically run the sysctl -p command each time the system reloads the IPVS module. This way, the sysctl.conf configuration takes effect and the estimation feature is disabled.

        1. Create a modprobe configuration file. In the following example, the ipvs.conf file is created.

          sudo vim /etc/modprobe.d/ipvs.conf
        2. Add the following content to the file. Then, save and close the file.

          options ip_vs run_estimation=0 post-up sysctl -p
      • Scenario 2: If you configured IPVS rules inside containers, such as containers that use their own network namespaces, you must disable the estimation feature for each container.

        Note

        For Alibaba Cloud Container Service for Kubernetes (ACK), the default proxy mode of the Kube-proxy is IPVS, and IPVS rules are configured on the host side. In this case, you do not need to disable the estimation feature for each container. If you use ACK, skip this operation.

    5. Verify that the estimation feature is disabled.

      • Method 1: Run the sudo sysctl net.ipv4.vs.run_estimation command. If 0 is returned, the estimation feature is disabled.

      • Method 2: Run the sudo ipvsadm -Ln --stats command. If the statistical value does not change, the estimation feature is disabled.

        Important

        If you did not install the ipvsadm tool, run the sudo yum install ipvsadm command to install the tool.
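
The kernel-version limits, the /etc/sysctl.conf entry and the Method 1 check can be audited together. The following script is an added example, not part of the original procedure; the function names, return codes and the sample kernel release strings it is meant for (for example 5.10.134-16.al8.x86_64) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Succeed only if a kernel release meets the minimums listed under "Limits".
kernel_supported() {
  ver=$(printf '%s\n' "$1" | sed -n 's/^\([0-9]*\.[0-9]*\.[0-9]*-[0-9]*\).*/\1/p')
  case "$ver" in
    4.19.*) min=4.19.91-22 ;;   # Alibaba Cloud Linux 2
    5.10.*) min=5.10.134-14 ;;  # Alibaba Cloud Linux 3
    *) return 1 ;;              # kernel line not covered by the page
  esac
  # Version sort: supported when the minimum sorts first (or is equal).
  [ "$(printf '%s\n%s\n' "$min" "$ver" | sort -V | head -n 1)" = "$min" ]
}

# Print the value a sysctl.conf-style file assigns (last assignment wins,
# commented-out lines are ignored). Prints nothing if the key is absent.
sysctl_conf_value() {
  sed -n 's/^[[:space:]]*net\.ipv4\.vs\.run_estimation[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# audit <kernel-release> <sysctl.conf> <runtime-file>
# Return codes: 0 ok, 2 unsupported kernel, 3 not persisted,
# 4 ip_vs not loaded (runtime file missing), 5 estimation still running.
audit() {
  kernel_supported "$1" || { echo "kernel $1 is not in the supported list"; return 2; }
  conf=$(sysctl_conf_value "$2")
  [ "$conf" = 0 ] || { echo "run_estimation = 0 is not set in $2"; return 3; }
  live=$(cat "$3" 2>/dev/null) || { echo "ip_vs not loaded; re-check after the module loads"; return 4; }
  [ "$live" = 0 ] || { echo "runtime value is $live; run sysctl -p"; return 5; }
  echo "ok"
}

# On a real host: sh script.sh --host
if [ "${1:-}" = "--host" ]; then
  audit "$(uname -r)" /etc/sysctl.conf /proc/sys/net/ipv4/vs/run_estimation
fi
```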

What to do next

Verify that network jitter and latency issues are resolved

  • Method 1: Ping the IP address or domain name of the ECS instance. If the latency value remains relatively stable and within a reasonable range, the network latency issue is resolved.

  • Method 2: Use a network performance testing tool to conduct a comprehensive latency and jitter test to check whether the long tail latency exists. If the frequency and duration of the long tail latency are significantly reduced, or the long tail latency does not recur, the network jitter and latency issues are resolved.

    Note

    If you disable the estimation feature but network jitters or latency still exist, you can use the network diagnostics feature in the Container Service for Kubernetes (ACK) console to diagnose the issues. For more information, see Network diagnostics.

Re-enable the estimation feature

If you want to re-enable the estimation feature, change the run_estimation value in the sysctl and modprobe configuration files to 1.