System
The system section exposes some configuration settings of the operating system and the VPP dataplane that are relevant for the operation of the appliance.
Operating system
The following fields expose operating system settings:
dns.servers
A list of DNS server IP addresses that the appliance uses for domain name resolution.
ntp.servers
A list of NTP time server IP addresses that the appliance uses for time synchronization.
kernel
A group of Linux kernel settings that are exposed.
Warning
Be advised that you should only change these values if you understand the implications. In case you have any questions, reach out to customer-support@anapaya.net.
hugepage_size
The size of hugepages the kernel should allocate at boot time.
hugepages
The number of hugepages the kernel should allocate at boot time.
iommu_enabled
A flag configuring whether the IOMMU subsystem in the Linux kernel is enabled. To improve performance, this should be set to true on all systems that support it.
Hint
Use the following command to find out if the appliance host supports IOMMU:
find /sys | grep dmar
It should report a non-empty list of devices.
Note
After changing this option the appliance needs to be rebooted.
system
The following example enables IOMMU and configures custom DNS and NTP servers.
"system": {
  "dns": {
    "servers": [
      {
        "address": "2.2.2.2"
      }
    ]
  },
  "kernel": {
    "iommu_enabled": true
  },
  "ntp": {
    "servers": [
      {
        "address": "time3.example.ch"
      }
    ]
  }
}
Vector Packet Processor (VPP)
Warning
Be advised that you should only change these values if you understand the implications. In case you have any questions, reach out to customer-support@anapaya.net.
The appliance router and IP-in-SCION tunneling processes use a VPP dataplane to provide fast packet processing.
The following fields configure relevant settings of and related to the VPP dataplane:
buffers.data_size
The default size of the buffer VPP allocates for a packet, in bytes (VPP Reference).
buffers.num_buffers
The number of buffers VPP allocates per NUMA node (VPP Reference).
connection
Configures the appliance’s connection to the VPP dataplane. The VPP control service is the part of the appliance that configures the underlying network devices for the VPP dataplane and regularly performs health checks to make sure it works as expected.
health_check.probe_interval
The interval at which a health check probe is sent to the VPP dataplane.
health_check.reply_timeout
The time in which the VPP control service expects a reply from the VPP dataplane.
health_check.threshold
The number of health checks, from the VPP control service to the VPP dataplane, that are allowed to time out before the connection is considered dead.
reconnect_attempts
The number of connection attempts from VPP control service to the VPP dataplane after starting up.
reconnect_interval
The interval at which a connection is attempted from VPP control service to the VPP dataplane after starting up.
cpu.main_core
The logical CPU core the main VPP dataplane thread runs on (VPP Reference).
cpu.workers
The number of workers that are created for the VPP dataplane. The workers are automatically pinned to consecutive CPU cores. (VPP Reference)
cpu.corelist_workers
The list of CPU cores to be used by the workers. The cores are pinned to the workers in the order they are listed. The format for the list is A,B1-Bn,C1-Cn. This setting is mutually exclusive with workers and the list must not contain the main_core.
Note
Each configured worker is pinned to a separate CPU core. These workers will consume 100% of the core they are pinned to, because the worker is constantly polling for packets.
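The corelist_workers rules above (list format, mutual exclusion with workers, no main_core in the list) can be checked before a configuration is applied. The following Python is an added example, not code from the appliance or its vendor; the helper names parse_corelist and check_vpp_cpu are hypothetical, and it assumes corelist_workers is given as a string in the A,B1-Bn,C1-Cn format. Treating a repeated core as an error is an assumption drawn from the note that each worker is pinned to a separate core.

```python
import re

_ELEMENT = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_corelist(spec):
    """Expand 'A,B1-Bn,C1-Cn' into the ordered list of core ids it names."""
    cores = []
    for part in spec.split(","):
        m = _ELEMENT.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"invalid corelist element: {part!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) is not None else first
        if last < first:
            raise ValueError(f"descending range: {part!r}")
        cores.extend(range(first, last + 1))
    return cores


def check_vpp_cpu(cpu):
    """Return the problems found in a system.vpp.cpu object (empty if none)."""
    spec = cpu.get("corelist_workers")
    if spec is None:
        return []  # only `workers` is used; cores are pinned automatically
    problems = []
    if "workers" in cpu:
        problems.append("corelist_workers and workers are mutually exclusive")
    try:
        cores = parse_corelist(spec)
    except ValueError as exc:
        return problems + [str(exc)]
    if cpu.get("main_core") in cores:
        problems.append(f"corelist_workers contains main_core {cpu['main_core']}")
    # Each worker is pinned to a separate core, so a repeated core is an error.
    repeated = sorted({c for c in cores if cores.count(c) > 1})
    if repeated:
        problems.append(f"cores listed more than once: {repeated}")
    return problems


# Constructed sample configurations (assumed shape of system.vpp.cpu).
SAMPLES = [
    {"main_core": 1, "corelist_workers": "2,4-6"},
    {"main_core": 1, "workers": 2, "corelist_workers": "0-2"},
    {"main_core": 0, "corelist_workers": "3,2-4"},
]
for sample in SAMPLES:
    print(sample, "->", check_vpp_cpu(sample) or "ok")
```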
VPP creates a TUN device to accept packets from and route packets to Linux. The device gets created automatically and can be configured with the following fields:
tun.mtu
The MTU (Maximum Transmission Unit) on the TUN device that the VPP dataplane creates in Linux.
tun.prefixes
A list of prefixes that should not be forwarded by VPP but routed to Linux.
system.vpp
The following example configures the VPP dataplane to use a larger than default buffer size and only one CPU.
"system": {
  "vpp": {
    "buffers": {
      "data_size": 9000,
      "num_buffers": 16834
    },
    "cpu": {
      "main_core": 1,
      "workers": 1
    }
  }
}
Managing system resources
The system.resources.service_limits section allows you to configure CPU and memory resource limits for the services running on the appliance.
Note
The default system resource limits configured in the appliance are suitable for most deployments. Only change these settings if you know what you are doing.
service_limits
A list of per service resource limits. Each entry has the following fields:
name
The name of the service to which the resource limits apply. This must be one of the following values:
CONTROL
ROUTER
DISPATCHER
DAEMON
GATEWAY
CA_FRONTEND
DATAPLANE_CONTROL
MOLE
CRON
TELEMETRY
FRR
FRR_EXPORTER
NODE_EXPORTER
PROMTAIL
cpu
The CPU limit in number of CPU cores that can be used by the service. This can be a floating point number to specify a fraction of a core. Setting this to 0 disables the CPU limit.
memory
The memory limit in Megabytes that can be used by the service. Setting this to 0 disables the memory limit.
system.resources
The following example configures the CPU and memory limits for the ROUTER service.
"system": {
  "resources": {
    "service_limits": [
      {
        "name": "ROUTER",
        "cpu": 1.5,
        "memory": 2048
      }
    ]
  }
}