Back in December I got some Mellanox ConnectX-6 Dx, now I finally got around to playing with them. I got them because I was interested in two features:

  • True integrated switch between all VM virtual functions and outside links, with communication between VMs, VLAN filtering rules, LACP-bonding the links and so on
  • Hardware offloading for TLS-encryption

I now benchmarked the TLS-offload, and unfortunately I'm underwhelmed. A 🧵

Two Mellanox/Nvidia ConnectX-6 Dx network cards

I hoped that TLS-offloading would increase throughput or at least keep throughput but reduce cpu load. But when you look at the throughput graph, the TLS-offloading (nginx+hw) is completely useless for small transfers. I'd have needed log charts to better show this, 8.7 MByte/s total for 500 clients repeatedly requesting a file of 10 kBytes. The regular userspace-only nginx can do 323 MBytes/s for the same load. Even with 100 kBytes requests it is still useless (83 MBytes/s).

It only becomes useful in the region somewhere between 1 and 10 MBytes file size.

While offloading TLS to the kernel (kTLS) has some setup cost, it pays off from shortly after 100k; offloading the transmission to the network card seems to be much slower. Since the CPU is nearly idle during this time it seems like setting up the offload is somehow implemented inefficiently.

Graph showing the total throughput on y and request/file size on y.

The data is shown for http, nginx software https, nginx with kernel-tls (ktls) and nginx with hardware offload.

Graph showing the cpu-load during the bandwidth tests before.
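When repeating a comparison like the one in the post, it helps to confirm which path each TLS session actually took, since the kernel falls back to software kTLS when the NIC offload is not set up. The following is an added example, not part of the original post: it diffs two snapshots of the Linux kernel's `/proc/net/tls_stat` counters taken before and after a run. The snapshot values are constructed, and the function names are hypothetical.

```python
# Added example: classify kTLS sessions opened during a benchmark run as
# software (host crypto) or device (NIC crypto), using the counter names
# the Linux kernel exposes in /proc/net/tls_stat.
from pathlib import Path

# Constructed snapshots (not measurements from the post).
BEFORE = """TlsCurrTxSw 0
TlsCurrTxDevice 0
TlsTxSw 120
TlsTxDevice 40
TlsDecryptError 0
TlsRxDeviceResync 0
"""
AFTER = """TlsCurrTxSw 3
TlsCurrTxDevice 0
TlsTxSw 620
TlsTxDevice 40
TlsDecryptError 0
TlsRxDeviceResync 0
"""

def parse_tls_stat(text):
    """Parse 'Name <whitespace> value' lines into a dict of ints."""
    stats = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            stats[parts[0]] = int(parts[1])
    return stats

def offload_summary(before, after):
    """Return TX sessions opened between two snapshots, split by path."""
    def delta(name):
        return after.get(name, 0) - before.get(name, 0)
    sw, dev = delta("TlsTxSw"), delta("TlsTxDevice")
    total = sw + dev
    return {
        "tx_sw": sw,            # sessions encrypted by the host CPU
        "tx_device": dev,       # sessions encrypted by the NIC
        "device_share": dev / total if total else None,
        "decrypt_errors": delta("TlsDecryptError"),
    }

def read_live(path="/proc/net/tls_stat"):
    """Read the live counters; empty dict if the tls module is not loaded."""
    p = Path(path)
    return parse_tls_stat(p.read_text()) if p.exists() else {}

if __name__ == "__main__":
    print(offload_summary(parse_tls_stat(BEFORE), parse_tls_stat(AFTER)))
```

A `device_share` of 0 after a run that was meant to use the NIC means the benchmark measured software kTLS instead.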