Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fqdn: Fix notifyOnDNSMsg benchmark #32454

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions daemon/cmd/daemon_main.go
Original file line number Diff line number Diff line change
Expand Up @@ -835,11 +835,11 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
flags.Duration(option.DNSProxyConcurrencyProcessingGracePeriod, 0, "Grace time to wait when DNS proxy concurrent limit has been reached during DNS message processing")
option.BindEnv(vp, option.DNSProxyConcurrencyProcessingGracePeriod)

flags.Int(option.DNSProxyLockCount, 131, "Array size containing mutexes which protect against parallel handling of DNS response names. Preferably use prime numbers")
flags.Int(option.DNSProxyLockCount, defaults.DNSProxyLockCount, "Array size containing mutexes which protect against parallel handling of DNS response names. Preferably use prime numbers")
flags.MarkHidden(option.DNSProxyLockCount)
option.BindEnv(vp, option.DNSProxyLockCount)

flags.Duration(option.DNSProxyLockTimeout, 500*time.Millisecond, fmt.Sprintf("Timeout when acquiring the locks controlled by --%s", option.DNSProxyLockCount))
flags.Duration(option.DNSProxyLockTimeout, defaults.DNSProxyLockTimeout, fmt.Sprintf("Timeout when acquiring the locks controlled by --%s", option.DNSProxyLockCount))
flags.MarkHidden(option.DNSProxyLockTimeout)
option.BindEnv(vp, option.DNSProxyLockTimeout)

Expand Down
116 changes: 70 additions & 46 deletions daemon/cmd/fqdn_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ import (
"github.com/cilium/cilium/pkg/identity"
"github.com/cilium/cilium/pkg/ipcache"
"github.com/cilium/cilium/pkg/lock"
"github.com/cilium/cilium/pkg/node"
"github.com/cilium/cilium/pkg/option"
"github.com/cilium/cilium/pkg/policy"
"github.com/cilium/cilium/pkg/policy/api"
"github.com/cilium/cilium/pkg/proxy/accesslog"
Expand All @@ -37,13 +39,32 @@ type DaemonFQDNSuite struct {
d *Daemon
}

var notifyOnDNSMsgBenchSetup sync.Once

func setupDaemonFQDNSuite(tb testing.TB) *DaemonFQDNSuite {
testutils.IntegrationTest(tb)

re.InitRegexCompileLRU(defaults.FQDNRegexCompileLRUSize)
// We rely on a sync.Once to complete the benchmark setup that initialize
// read-only global status.
// Also, node.SetTestLocalNodeStore() panics if it called more than once.
notifyOnDNSMsgBenchSetup.Do(func() {
// set FQDN related options to defaults in order to avoid a flood of warnings
option.Config.DNSProxyLockCount = defaults.DNSProxyLockCount
option.Config.DNSProxyLockTimeout = defaults.DNSProxyLockTimeout
option.Config.FQDNProxyResponseMaxDelay = defaults.FQDNProxyResponseMaxDelay

// Set local node store as it is accessed by NewLogRecord to get node IPv4
node.SetTestLocalNodeStore()

re.InitRegexCompileLRU(defaults.FQDNRegexCompileLRUSize)
logger.SetEndpointInfoRegistry(&dummyInfoRegistry{})
})

ds := &DaemonFQDNSuite{}
d := &Daemon{}
d.ctx = context.Background()
d.policy = policy.NewPolicyRepository(d.identityAllocator, nil, nil, nil)
d.endpointManager = endpointmanager.New(&dummyEpSyncher{}, nil, nil)
d.ipcache = ipcache.NewIPCache(&ipcache.Configuration{
Context: context.TODO(),
IdentityAllocator: testidentity.NewMockIdentityAllocator(nil),
Expand All @@ -56,13 +77,10 @@ func setupDaemonFQDNSuite(tb testing.TB) *DaemonFQDNSuite {
UpdateSelectors: d.updateSelectors,
IPCache: d.ipcache,
})
d.endpointManager = endpointmanager.New(&dummyEpSyncher{}, nil, nil)
d.policy.GetSelectorCache().SetLocalIdentityNotifier(d.dnsNameManager)

ds.d = d

logger.SetEndpointInfoRegistry(&dummyInfoRegistry{})

return ds
}

Expand All @@ -71,13 +89,17 @@ type dummyInfoRegistry struct{}
func (*dummyInfoRegistry) FillEndpointInfo(info *accesslog.EndpointInfo, addr netip.Addr, id identity.NumericIdentity) {
}

type dummySelectorCacheUser struct{}

func (d *dummySelectorCacheUser) IdentitySelectionUpdated(selector policy.CachedSelector, added, deleted []identity.NumericIdentity) {
}

// BenchmarkNotifyOnDNSMsg stresses the main callback function for the DNS
// proxy path, which is called on every DNS request and response.
func BenchmarkNotifyOnDNSMsg(b *testing.B) {
ds := setupDaemonFQDNSuite(b)

var (
nameManager = ds.d.dnsNameManager
ciliumIOSel = api.FQDNSelector{MatchName: "cilium.io"}
ciliumIOSelMatchPattern = api.FQDNSelector{MatchPattern: "*cilium.io."}
ebpfIOSel = api.FQDNSelector{MatchName: "ebpf.io"}
Expand All @@ -92,21 +114,22 @@ func BenchmarkNotifyOnDNSMsg(b *testing.B) {
)

// Register rules (simulates applied policies).
dscu := &dummySelectorCacheUser{}
selectorsToAdd := api.FQDNSelectorSlice{ciliumIOSel, ciliumIOSelMatchPattern, ebpfIOSel}
nameManager.Lock()
for _, sel := range selectorsToAdd {
nameManager.RegisterForIPUpdatesLocked(sel)
pippolo84 marked this conversation as resolved.
Show resolved Hide resolved
ds.d.policy.GetSelectorCache().AddFQDNSelector(dscu, nil, sel)
}
nameManager.Unlock()

const nEndpoints int = 1024

// Initialize the endpoints.
endpoints := make([]*endpoint.Endpoint, b.N)
endpoints := make([]*endpoint.Endpoint, nEndpoints)
for i := range endpoints {
endpoints[i] = &endpoint.Endpoint{
ID: uint16(b.N % 65000),
IPv4: netip.MustParseAddr(fmt.Sprintf("10.96.%d.%d", (b.N>>16)%8, b.N%256)),
ID: uint16(i),
IPv4: netip.MustParseAddr(fmt.Sprintf("10.96.%d.%d", i/256, i%256)),
SecurityIdentity: &identity.Identity{
ID: identity.NumericIdentity(b.N % int(identity.GetMaximumAllocationIdentity())),
ID: identity.NumericIdentity(i % int(identity.GetMaximumAllocationIdentity())),
},
DNSZombies: &fqdn.DNSZombieMappings{
Mutex: lock.Mutex{},
Expand All @@ -121,39 +144,40 @@ func BenchmarkNotifyOnDNSMsg(b *testing.B) {
// Simulate parallel DNS responses from the upstream DNS for cilium.io and
// ebpf.io, done by every endpoint.
for i := 0; i < b.N; i++ {
wg.Add(1)
go func(ep *endpoint.Endpoint) {
defer wg.Done()
// Using a hardcoded string representing endpoint IP:port as this
// parameter is only used in logging. Not using the endpoint's IP
// so we don't spend any time in the benchmark on converting from
// net.IP to string.
require.Nil(b, ds.d.notifyOnDNSMsg(time.Now(), ep, "10.96.64.8:12345", 0, "10.96.64.1:53", &ciliumdns.Msg{
MsgHdr: ciliumdns.MsgHdr{
Response: true,
},
Question: []ciliumdns.Question{{
Name: dns.FQDN("cilium.io"),
}},
Answer: []ciliumdns.RR{&ciliumdns.A{
Hdr: ciliumdns.RR_Header{Name: dns.FQDN("cilium.io")},
A: ciliumDNSRecord[dns.FQDN("cilium.io")].IPs[0],
}}}, "udp", true, &dnsproxy.ProxyRequestContext{}))

require.Nil(b, ds.d.notifyOnDNSMsg(time.Now(), ep, "10.96.64.4:54321", 0, "10.96.64.1:53", &ciliumdns.Msg{
MsgHdr: ciliumdns.MsgHdr{
Response: true,
},
Compress: false,
Question: []ciliumdns.Question{{
Name: dns.FQDN("ebpf.io"),
}},
Answer: []ciliumdns.RR{&ciliumdns.A{
Hdr: ciliumdns.RR_Header{Name: dns.FQDN("ebpf.io")},
A: ebpfDNSRecord[dns.FQDN("ebpf.io")].IPs[0],
}}}, "udp", true, &dnsproxy.ProxyRequestContext{}))
}(endpoints[i%len(endpoints)])
for _, ep := range endpoints {
wg.Add(1)
go func() {
defer wg.Done()
// Using a hardcoded string representing endpoint IP:port as this
// parameter is only used in logging. Not using the endpoint's IP
// so we don't spend any time in the benchmark on converting from
// net.IP to string.
require.Nil(b, ds.d.notifyOnDNSMsg(time.Now(), ep, "10.96.64.8:12345", 0, "10.96.64.1:53", &ciliumdns.Msg{
MsgHdr: ciliumdns.MsgHdr{
Response: true,
},
Question: []ciliumdns.Question{{
Name: dns.FQDN("cilium.io"),
}},
Answer: []ciliumdns.RR{&ciliumdns.A{
Hdr: ciliumdns.RR_Header{Name: dns.FQDN("cilium.io")},
A: ciliumDNSRecord[dns.FQDN("cilium.io")].IPs[0],
}}}, "udp", true, &dnsproxy.ProxyRequestContext{}))

require.Nil(b, ds.d.notifyOnDNSMsg(time.Now(), ep, "10.96.64.4:54321", 0, "10.96.64.1:53", &ciliumdns.Msg{
MsgHdr: ciliumdns.MsgHdr{
Response: true,
},
Compress: false,
Question: []ciliumdns.Question{{
Name: dns.FQDN("ebpf.io"),
}},
Answer: []ciliumdns.RR{&ciliumdns.A{
Hdr: ciliumdns.RR_Header{Name: dns.FQDN("ebpf.io")},
A: ebpfDNSRecord[dns.FQDN("ebpf.io")].IPs[0],
}}}, "udp", true, &dnsproxy.ProxyRequestContext{}))
}()
}
wg.Wait()
}

wg.Wait()
}
8 changes: 8 additions & 0 deletions pkg/defaults/defaults.go
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,14 @@ const (
// DNSProxyEnableTransparentMode enables transparent mode for the DNS proxy.
DNSProxyEnableTransparentMode = false

// DNSProxyLockCount is the default array size containing mutexes which protect
// against parallel handling of DNS response names.
DNSProxyLockCount = 131

// DNSProxyLockTimeout is the default timeout when acquiring the locks controlled by
// DNSProxyLockCount.
DNSProxyLockTimeout = 500 * time.Millisecond

// IdentityChangeGracePeriod is the default value for
// option.IdentityChangeGracePeriod
IdentityChangeGracePeriod = 5 * time.Second
Expand Down
Loading