[CentOS] Anyway to ensure SSH availability?
Devin Reade
gdr at gno.org
Wed Jun 29 22:00:07 UTC 2011
--On Thursday, June 30, 2011 05:04:07 AM +0800 Emmanuel Noobadmin
<centos.admin at gmail.com> wrote:
> On 6/30/11, Les Mikesell <lesmikesell at gmail.com> wrote:
>> The seriously on-the-cheap approach is to run a few virtual servers on
>> hardware slightly better than one of the individual servers would need.
>
> Actually THAT is the fundamental problem ;)
> The physical server is frankly much more powerful than the two guest
> running on it. I have the same applications + public web/email running
> on old dual core machines with less memory than the guests.
I don't recall you mentioning which VM solution you're using.
Some problematic areas that I've seen when using VMs:
+ memory ballooning sometimes causes problems (I've not actually seen
it, but I've seen various warnings about having it enabled and
resultant flakiness, and I run with it disabled)
+ I/O stacks not doing TCP segment offload correctly. This is an ugly
one that bit me hard and took a while to track down. It's happened in
both ESXi and Xen (and I'm not saying that KVM isn't affected, either).
The symptoms of this is things seem to be fine under low load, but as
network traffic starts to increase TCP sessions start stalling out
or dying. I've seen it to the point where I can't even maintain an
ssh session long enough to get a login prompt.
What it comes down to is the top level (virtual) OS decides to hand off
TCP segmentation to the (virtual) NIC. To make a long story short,
between the guest OS, the virtual NICs, the virtual switches, the
host OS, and the physical NICs, there exists a path (depending on
versions and hardware) where everyone things somebody else is doing
TCP segment handling, and nobody is. So as I/O goes up or fragmentation
occurs, the protocol goes into the toilet. Sometimes you miss packets
and sometimes the data is corrupt.
Disabling tcp segment offload in both the host and guest avoids the
problem (forcing the OS to do it instead of the VM & physical layers).
Be aware of reboots and update processes that want to reenable it ...
Devin
More information about the CentOS
mailing list