Lxd containers nic speed

Hi all,

I experience slower nic speed inside the containers. The host is ok. 500/500 mbps however every single container is max 100/100mbps

Do you have any limits on the devices? Can you post the output of the following commands:

lxc config show <container-name>
lxc profile show <profile-name>

If you don’t know what profile to show you can get it from the output of the lxc config show command. It’s listed at the bottom as:

profiles:
- default

Hi

No i did not limit anything on the containers.

root@esx:~# lxc config show dcfs01 architecture: x86_64 config: boot.autostart: “1” environment.TZ: Europe/Amsterdam image.architecture: amd64 image.description: Debian stretch amd64 (20190430_05:24) image.os: Debian image.release: stretch image.serial: “20190430_05:24” volatile.base_image: 0c0eedb46b6592ae53a4fd0c7efff666233b758429e62ab6489f5c009503e4f3 volatile.eth0.host_name: veth6ce4cdbd volatile.eth0.hwaddr: 00:16:3e:8a:c8:9a volatile.idmap.base: “0” volatile.idmap.current: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’ volatile.idmap.next: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’ volatile.last_state.idmap: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’ volatile.last_state.power: RUNNING devices: {} ephemeral: false profiles: - default stateful: false description: “” root@esx:~#

root@esx:~# lxc profile show default config: {} description: Default LXD profile devices: eth0: name: eth0 nictype: bridged parent: bridge1 type: nic root: path: / pool: lxd type: disk name: default used_by: - /1.0/containers/kopano - /1.0/containers/dcfs01 - /1.0/containers/opsi - /1.0/containers/controller - /1.0/containers/ex02 - /1.0/containers/zwave root@esx:~#

Also a question

I updated the containers and now i am runnen debian buster. However the first command shows debian stretch.

How can i update this?

LXD knows that you have started off with the Debian Stretch container image. Once the container is up and running, it does not know much of what’s going in the container.

O ok

Any idea why the nic speeds is slow?

I do not know about those nic speeds.

I did not see though any info on what tool is used to measure the speed. Without that, we won’t be able to reproduce.

A few preliminary remarks.
First and most importantly, I’m not a LXD developer so take anything I say with a pitchfork of salt.

Then your question is not clear at all. You have not given any precise benchmark numbers. Then you have posted your configuration in a very difficult to read format.
Please use the </> button (as on any old PHPBB forum) to format any information other than plain text, such as pasted configuration data.

From what I see, you use bridged config.
You can learn more on what is bridged software networking here:

this blog post is a bit involved and needs some effort to follow, but is invaluable IMO.

You’ll understand that there is something like a software pipeline between your physical network and your container. If everything is done in the kernel, it should not be very significant except with very high network speeds and relatively slow systems.
Now, things are not always simple, and only a very involved developer could give you a full assurance that there is no context switch in the pipeline. If a userland process is involved at all, it will impact severely performance even on a powerful system. I just don’t know, it’s way over my understanding of this feature.

Anyway, you could try to just remove the middle man by using Macvlan or Ipvlan. If you can post some reproducible benchmarks using these 2 or 3 configs it would be interesting for other users.

Hi Guys,

Thanks for your reply. I will test some more with these setups and post it here when done.

Please can you also provide exact figures and how you are testing, i.e are you using iperf?

Also please provide the output of lxc config show <container name> --expanded

Thanks