CPU limits do not affect IRQs?

adosztal · September 5, 2018, 8:32am

I’m running strongSwan in an LXD container. For testing purposes I set the CPU allowance to 10%:

~$ lxc config show vpn1 | grep limits
  limits.cpu: all
  limits.cpu.allowance: 10%

When I started a throughput test with iperf3, I noticed that IRQ calls are eating up my CPU 0 (I ran top on the host):

top - 08:19:26 up 14:29,  1 user,  load average: 0.15, 0.03, 0.01
Tasks: 128 total,   2 running,  90 sleeping,   0 stopped,   0 zombie
%Cpu0  :  0.0 us,  0.0 sy,  0.0 ni,  4.7 id,  0.0 wa,  0.0 hi, 95.3 si,  0.0 st
%Cpu1  :  0.3 us,  0.0 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  3794292 total,  1363996 free,   333660 used,  2096636 buff/cache
KiB Swap:        0 total,        0 free,        0 used.  3167644 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
    7 root      20   0       0      0      0 R  91.4  0.0  17:02.70 ksoftirqd/0
    1 root      20   0  159548   8920   6796 S   0.0  0.2   0:03.03 systemd
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 kthreadd
    4 root       0 -20       0      0      0 I   0.0  0.0   0:00.00 kworker/0:0H
    6 root       0 -20       0      0      0 I   0.0  0.0   0:00.00 mm_percpu_wq
[...]

It seems the CPU allowance does not affect the load caused by IRQ. Is it really the case or I missed something?

Side question: If I start another container which is assigned to CPU 1 only, will it use CPU 0 for the IRQs too? If so, I have a bottleneck.

stgraber · September 5, 2018, 8:13pm

I’d expect IRQs to be processed by whatever CPU they land on. So typically CPU0 unless you’re running irqbalance on the host.

As containers don’t have fake hardware, they also don’t control IRQ targeting and so early processing of an interrupt (until it hits a subsystem that is cgroup aware or a userspace task) will likely happen outside of any limits.