Cloak icon indicating copy to clipboard operation
Cloak copied to clipboard

Published 20 hours ago verified publisher icon cbeuw

How to reduce cpu load.

Open alexkatanda opened this issue 6 years ago • 13 comments

Hello, I installed ck-server with shadowsocks-libev3.2.5 on ubuntu18.10. ck-server's cpu load is very high than ss-server. ck-server's cpu usage is about 58%. ss-server's cpu usage is about 18%. Why is ck-server's cpu load very high? How to reduce ck-server's cpu load?

alexkatanda avatar Jun 23 '19 19:06 alexkatanda

@alexkatanda hi @cbeuw this one cloak issue cpu load so vking high sir, i just found out and tested it, if users has high upload traffic it will load more cpu, Screenshot_74

malikshi avatar Jun 24 '19 19:06 malikshi

Please provide some environment information, like the CPU architecture and the version of cloak you are using.

How many sessions are established when this happens? Is there any trigger or does it happen randomly or from the very beginning?

cbeuw avatar Jun 24 '19 20:06 cbeuw

Please provide some environment information, like the CPU architecture and the version of cloak you are using.

How many sessions are established when this happens? Is there any trigger or does it happen randomly or from the very beginning?

Screenshot_75

even when i am try to speedtest, see cpu load, here my spec, CPU model : Virtual CPU 523cbcdd6ca4 Number of cores : 1 CPU frequency : 2399.996 MHz Total size of Disk : 25.0 GB (5.7 GB Used) Total amount of Mem : 985 MB (336 MB Used) Total amount of Swap : 2047 MB (0 MB Used) System uptime : 0 days, 1 hour 50 min Load average : 0.07, 0.08, 0.03 OS : Ubuntu 18.04.2 LTS Arch : x86_64 (64 Bit) Kernel : 4.18.0-24-generic

i didn't share this server to anyone

malikshi avatar Jun 24 '19 21:06 malikshi

Hello Things are better in my server: Speed result As you can see, ck-server and ss-server are using about 33% of CPU with 120Mbit/s. (Those numbers in htop are out of 200%)

Here is my CPU info on my server

processor : 0 vendor_id : AuthenticAMD cpu family : 23 model : 1 model name : AMD Ryzen 7 PRO 1700X Eight-Core Processor stepping : 1 microcode : 0x8001137 cpu MHz : 3399.999 cache size : 512 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm cons tant_tsc rep_good nopl tsc_reliable nonstop_tsc cpuid extd_apicid pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx hypervisor lahf_lm extap ic abm sse4a misalignsse 3dnowprefetch osvw cpb ssbd vmmcall arat bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 spe c_store_bypass bogomips : 6799.99 TLB size : 2560 4K pages clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:

processor : 1 vendor_id : AuthenticAMD cpu family : 23 model : 1 model name : AMD Ryzen 7 PRO 1700X Eight-Core Processor stepping : 1 microcode : 0x8001137 cpu MHz : 3399.999 cache size : 512 KB physical id : 0 siblings : 2 core id : 1 cpu cores : 2 apicid : 1 initial apicid : 1 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp lm cons tant_tsc rep_good nopl tsc_reliable nonstop_tsc cpuid extd_apicid pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx hypervisor lahf_lm extap ic abm sse4a misalignsse 3dnowprefetch osvw cpb ssbd vmmcall arat bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 spe c_store_bypass bogomips : 6799.99 TLB size : 2560 4K pages clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:

One thing that I don't know if it's important or not, is that my server's CPU has aes flag. You can test that with this command:

grep aes /proc/cpuinfo

If it prints anything you server's CPU does support AES-NI.

Also the encryption algorithm for shadowsocks is aes-128-gcm

HirbodBehnam avatar Jun 26 '19 16:06 HirbodBehnam

Are you running in pc? It's fuckin good server. Can you try use ss-server -v -u -c path to ss server config.

malikshi avatar Jun 27 '19 01:06 malikshi

No both are servers. Client is from Eonix, KVM Virtualization, 1 Core @ 2100 MHz, 512 MB Ram and no AES-NI support. And what's the matter with UDP relay and verbose mode? Speed tests are usually TCP.

BTW this is my own computer. 20% CPU utilization with 42 Mbit/s Speedtest Result

HirbodBehnam avatar Jun 27 '19 03:06 HirbodBehnam

And what's the matter with UDP relay and verbose mode? Speed tests are usually TCP.

just try those in server and any change or not for cpu load and ram, usually ram and cpu will loaded more when most users has good traffic

malikshi avatar Jun 27 '19 07:06 malikshi

Yes enabling verbose mode will use more CPU because it writes every connection detail to terminal or the service log. You can remove the -v flag. Also I tried with UDP Relay: Speed test About 20 Mbit/s and 10% CPU usage. Same as before.

HirbodBehnam avatar Jun 27 '19 08:06 HirbodBehnam

But as you can see the CPU usage is for ss-server rather than ck-server. So you can either change the encryption to rc4-md5 or chacha20 or salsa20. Also I'm not sure if this helps or not but I also have installed haveged package.

HirbodBehnam avatar Jun 27 '19 10:06 HirbodBehnam

rc4-md5 is not secure so it's not recommend. Chacha20 performs than AES worse on machines with AES-NI support. Regardless I don't think the CPU usage is due to crypto.

Is it possible to run ck-server on standalone mode and see the CPU usage of ss-server and ck-server separately?

cbeuw avatar Jun 27 '19 10:06 cbeuw

Yeah you are right rc4-md5 is a weak algorithm. @malikshi You can see here for some speed comparison. However this is for 2 years ago and I'm not sure if it is still valid or not!

  • I also tested shadowsocks in my server that does not support AES-NI with aes-128-gcm cipher. Here is the result: image Download speed is about 20Mbit/s.

And a noobish question from @cbeuw; Why running in standalone is required to manage ck-server's CPU utilization? While running with --plugin option, ck-server runes as child of ss-server. And in htop it shoes the utilization like this: image Any problem with this? (sorry for noobish english too)

HirbodBehnam avatar Jun 27 '19 11:06 HirbodBehnam

Is it possible to run ck-server on standalone mode and see the CPU usage of ss-server and ck-server separately? Screenshot_90 what i am post picture before doesn set to F5(tree) hope you understand,

rc4-md5 is not secure so it's not recommend. Chacha20 performs than AES worse on machines with AES-NI support. Regardless I don't think the CPU usage is due to crypto.

and my config using cacha by default in my own script(edited from gist and HirbodBehnam repo) method":"chacha20-ietf-poly1305 .

And what's the matter with UDP relay and verbose mode? Speed tests are usually TCP.

yea i just wanna using udp relay if plugin cloak supported dns over udp(relay). voice/video call need udp right,

and i think still tcp fast open was main problems? i know its made it fast but doesnt feel right when implemented in cloak,

malikshi avatar Jun 29 '19 12:06 malikshi

Hi, @cbeuw image

here my server spec, CPU model : Intel(R) Xeon(R) CPU E3-1240 v5 @ 3.50GHz Number of cores : 8 Total amount of Mem : 32GB OS : Ubuntu 18.04.2 LTS Arch : x86_64 (64 Bit) Kernel : 4.15.0-55-generic

Currently I am using this server with my colleagues. Shadowsocks are using chacha20 cipher. I also think that CPU usage is for ss-server rather than ck-serve. However in many session environment, the cpu usage of ck-server is high than ss-server. Currently there are about 100~200 simultaneous session.

alexkatanda avatar Jul 28 '19 20:07 alexkatanda