Software-accelerated network in Virtual Private Cloud
If your application generates an extreme load to the VM cores and, at the same time, requires large amounts of network traffic, the user and network processes may start competing for hardware resources. To avoid this, we recommend using a software-accelerated network in VPC.
Regular VM network
In the Yandex Cloud infrastructure, all VMs run in the QEMU-KVM virtualization environment. A hypervisor proportionally distributes the computing load across all processor cores allocated to a VM.
The computing load can be logically divided into three parts:
- User load: OS processes and user processes run in the OS of a user VM.
- Processes maintaining the operation of network disks.
- Processes for handling the VM's network traffic.
The load distribution across compute cores can be presented as follows:
The diagram shows that the user load and VM network traffic handling are distributed across all compute cores allocated to the VM.
The processes maintaining the operation of network disks are separated from the user load and run on compute cores from a separate pool, the service cores labeled as Core S1 and Core Sn in the diagram.
You can isolate VM network traffic from the user load using the software-accelerated network (SAN) mechanism.
Software-accelerated network
Software network acceleration is achieved by transferring network traffic processing from the VM cores to additional compute cores allocated from a shared pool of cores available to a physical server. To enable SAN, you need to completely shut down your VM.
Load distribution across compute cores with SAN enabled can be represented as follows:
The diagram shows the use of additional compute cores (Core 4 and Core 5) for network traffic processing. The number of service compute cores depends on the number of VM cores:
- If a VM is hosted on a single NUMA node of a physical server, two additional compute cores for network traffic will be allocated to it as soon as SAN is enabled (see the diagram).
- If a VM is hosted on two NUMA nodes of a physical server, four additional cores will be allocated to it as soon as SAN is enabled.
Note
The additional compute cores allocated when enabling SAN will not be visible inside the user VM.
You cannot enable SAN on a VM with performance level below 100%.
This way, SAN ensures that there is no competition between user and service loads for the VM's hardware resources, as all network traffic is processed separately. This minimizes lags and packet losses when transmitting traffic, while the VM's computing resources are freed up to serve the user load.
The cost of additional hardware resources depends on the platform and the number of VM cores.
To enable a software-accelerated network:
-
Select the Software network acceleration option when creating a new VM or reconfigure an existing VM.
-
Enable the Software network acceleration option in the basic VM configuration when creating an instance group or set the
network_settings.typekey toSOFTWARE_ACCELERATEDin the YAML specification.
Recommendations for using a software-accelerated network
We recommend enabling a software-accelerated network to speed up request handling:
- On VMs with custom DB installations in the case of high disk and CPU utilization (over 70-80%).
- If you see a high
CPU steal timemetric value inside a VM. - In Yandex Managed Service for Kubernetes cluster node groups when using intra-cluster L7 load balancers, e.g., Ingress NGINX controllers or Istio ingress gateways.
Warning
Enabling SAN will not accelerate your network disks.