rootlesskit icon indicating copy to clipboard operation
rootlesskit copied to clipboard
verified publisher icon rootless-containers

Improve performance of gvisor-tap-vsock port driver

Open fahedouch opened this issue 7 months ago • 1 comments

Currently, using the gvisor-tap-vsock port driver adds a userspace TCP proxy, which reduces throughput from ~6.5 Gbit/s to ~4.0 Gbit/s due to extra copies and wakeups.

It seems possible to improve performance by using tunneling via `/services/tunnel in gvisor-tap-vsock. This approach would remove the TCP proxy and allow buffer control in rootlesskit, potentially reducing latency and increasing throughput.

Proposal:

  • Investigate and implement port forwarding via tunnel in rootlesskit.
  • Document possible performance impacts and any new bottlenecks.

fahedouch avatar Sep 09 '25 12:09 fahedouch

the optimization is not straightforward. I propose implementing this for the next minor versions of v3. I want us to release it first and play with it in nerdctl.

@AkihiroSuda

fahedouch avatar Dec 02 '25 09:12 fahedouch