Dramatically improve HAVP performance and save CF lifetime
January 24, 2010 at 10:03 pm #42162
Marcelo
Member
Hi Folks,
This is a simple guide on how to dramatically improve HAVP transparent proxy performance while extending the lifetime of your Flash Memory medium.
Target audience: This guide is directed to those who use the Compact Flash image of Zeroshell, but may also be useful to those who boot Zeroshell from a CD and have the Database on a pendrive or other flash memory based medium (in this case, for cdrom installation, it may require minor adjustments – not tested)
In its original ZS compact flash image, HAVP is configured to write the temporary files (the ones yet to be scanned) into the “/Database/var/register/system/havp/tmp” folder which resides in the writable partition of the Compact Flash.
This original configuration is very performance impacting because writing to Flash Memory is way too slow. In addition, this also tends to reduce the lifetime of the medium since Flash Memory is subject to aging in proportion to the number of writes.
This guide aims to implement a workaround for these issues by enabling an on-memory scan, thus also avoiding frequent Compact Flash writes.
Overall steps (UPDATE: The below guide became obsolete. A better approach is described in the 3rd post of this topic):
======================================================================================
Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.
Step 1 – Create a 50MB ext2 file-system virtual medium:
> cd /Database
> dd if=/dev/zero of=HAVP.ext2 count=100000
> mkfs.ext2 HAVP.ext2
(answer yes since it will complain that HAVP.ext2 is not a block device)
NOTE: This will be a ram disk, so there is no need to have a journaled filesystem like ext3, thus ext2 should be fine.
Step 2 – Prepare the HAVP.ext2 directory ownership for havp:
> mount -o loop HAVP.ext2 /mnt
> chown havp.havp /mnt
> umount /mnt
Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:
> cat /Database/HAVP.ext2 >/dev/ram3
> mount -omand,noatime /dev/ram3 /Database/var/register/system/havp/tmp
NOTE: Be careful to not mistype it as /dev/ram2, which is your root ram filesystem :)
Step 4 – Re-enable your HAVP proxy using the GUI
Have fun…
Performance Gains:
==============
I didn’t use any tool to benchmark this, but I set a configuration for the Opera Browser to, at startup and with disk cache off, open several sites with tons of hundreds of images and started it twice, each time with one configuration, i.e., with this ram fs mounted and with it unmounted. Using the ram disk, I could notice a 10+ times performance increase.
Of course your performance gain will depend on the processing power of your box as well as the Compact Flash quality/speed.
Additional Considerations:
===================
The disadvantage of this on-memory scan approach is that it permanently consumes 50MB of ram, although I’m using this in my 512MB Fit-pc Slim (a GeodeLX 500MHz based gadget) with no problems.
I’m not yet sure if 50MB is a good value for the ram disk and, in the future, I may edit this post after some fine tuning.
Good luck!
January 25, 2010 at 10:53 am #49453
Marcelo
Member
Improving the guide with a bit of diskspace optimization:
Add a new step between steps 2 and 3:
Step 2.1 – gzip the HAVP.ext2 image:
> gzip HAVP.ext2
Modify step 3 accordingly:
Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:
> gzip -dc /Database/HAVP.ext2.gz >/dev/ram3
> mount -omand,noatime /dev/ram3 /Database/var/register/system/havp/tmp
January 27, 2010 at 12:43 am #49454
Marcelo
Member
Hi Folks, I’ve just learned more about tmpfs…. :)
…and this simply made my original guide (the first post in this topic) obsolete.
I’ll describe here a newer and better (yet simpler) approach using tmpfs.
Using tmpfs solves the permanent memory allocation downside of the initial approach and makes the virus scanning even quicker.
The new guide:
===========
Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.
Step 1 – Undo the original approach (This step is only needed IF you have implemented the first approach described in the first post of this topic, otherwise skip it and jump right to step 2):
> cd /Database
> rm HAVP.ext2
> umount /Database/var/register/system/havp/tmp
[ edit the pre-boot script and remove the lines you added there as part of the original guide ]
NOTE1: Unfortunately, unless you manage to get a copy of the “busybox” tool (which BTW is not that difficult to obtain), there is not an easy way to free up the space allocated by the ram disk mount used by the original approach, so, you will have to reboot your zeroshell box to free this memory. Fortunately the new approach will never suffer from the same problem.
NOTE2: If you did manage to copy busybox to your Zeroshell installation, instead of rebooting, just execute “busybox freeramdisk /dev/ram3”
Step 2 – The following command has to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts (through the Zeroshell’s GUI):
> mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp
Step 3 – Re-enable your HAVP proxy using the GUI.
Have fun…
Why is tmpfs better?
===============
tmpfs is a memory filesystem derived from ramfs that resides in the vfs layer and which framework is the same used by the kernel for caching all files of all mounted file systems. So, tmpfs reduces the overhead of having a format like ext2, ext3, etc, needed by the /dev/ramX devices. In addition, comparing to the original approach, it reduces cpu utilization and memory accesses for every file access when compared to /dev/ramX devices.
Tmpfs eliminates the permanently allocated memory downside of using the traditional ram disks. The “size=50m” option just specifies the maximum limit size of the filesystem, not a permanent allocation. Tmpfs allocates memory on demand and only the necessary amount to hold the existing files. Every time a file is deleted or truncated, memory is freed.
For more information on tmpfs refer to the documentation found on the kernel sources tree (note: this is not installed in your Zeroshell box):
Documentation/filesystems/ramfs-rootfs-initramfs.txt
Documentation/filesystems/tmpfs.txt
Best regards,
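An added example, not part of the original post: a POSIX shell check that reads a /proc/mounts-format listing and reports whether the HAVP scan directory is mounted as tmpfs with the "mand" option and an explicit "size=" cap, as in the mount command of Step 2 above. The function name, verdict words and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the HAVP temp mount.
HAVP_TMP=/Database/var/register/system/havp/tmp

# check_havp_tmp [mounts-file|-] [mount-point]
# Prints one verdict word; exit status is 0 only for "ok".
check_havp_tmp() {
    mounts=${1:-/proc/mounts}
    target=${2:-$HAVP_TMP}
    verdict=$(awk -v t="$target" '
        # The last matching entry is the mount that is actually visible.
        $2 == t { fstype = $3; opts = "," $4 ","; found = 1 }
        END {
            if (!found)            { print "not-mounted";   exit }
            if (fstype != "tmpfs") { print "not-tmpfs";     exit }
            if (opts !~ /,mand,/)  { print "no-mand";       exit }
            if (opts !~ /,size=/)  { print "no-size-limit"; exit }
            print "ok"
        }' "$mounts")
    echo "$verdict"
    [ "$verdict" = "ok" ]
}

# Constructed sample listings in /proc/mounts format (uid/gid numbers are made up).
sample_tmpfs() {     # the tmpfs mount from Step 2
    echo "/dev/ram2 / ext2 rw 0 0"
    echo "none $HAVP_TMP tmpfs rw,mand,noatime,size=51200k,uid=1001,gid=1001 0 0"
}
sample_ramdisk() {   # the first post's approach: ext2 image on /dev/ram3
    echo "/dev/ram2 / ext2 rw 0 0"
    echo "/dev/ram3 $HAVP_TMP ext2 rw,mand,noatime 0 0"
}
sample_missing() {   # the mount command never ran at boot
    echo "/dev/ram2 / ext2 rw 0 0"
}
sample_nomand() {    # tmpfs mounted, but without the mand option
    echo "none $HAVP_TMP tmpfs rw,noatime,size=51200k 0 0"
}

# Demo over the constructed listings.
for s in sample_tmpfs sample_ramdisk sample_missing sample_nomand; do
    printf '%-15s %s\n' "$s" "$("$s" | check_havp_tmp -)"
done
```

On a live box, calling check_havp_tmp with no arguments reads /proc/mounts; a "not-mounted" verdict after a reboot means the mount command did not run at boot.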
February 5, 2010 at 7:07 pm #49455
Pit
Member
Hi Marcelo,
my df looks:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/ram2 31729 15404 16325 49% /
/dev/hda2 140524 140524 0 100% /cdrom
shm 484588 0 484588 0% /dev/shm
/dev/hda1 13197 4900 7616 40% /boot
/udev/hda3 806928 185428 580508 25% /DB
/DB/_DB.001 806928 185428 580508 25% /Database
none 51200 0 51200 0% /Database/var/register/system/havp/tmp
HTTP Proxy refuses to start after the changes. Do you have any idea?
Pit
February 5, 2010 at 7:21 pm #49456
Marcelo
Member
df output looks fine.
Sounds like a permission problem, are you sure you have executed the chown step?
To check, run “ls -lad /Database/var/register/system/havp/tmp” from the shell. You should see (only the text in bold is important, the remaining text may differ a bit when you run):
drwxrwxrwt 2 havp havp 540 Feb 5 15:32 /Database/var/register/system/havp/tmp
February 5, 2010 at 8:36 pm #49457
Pit
Member
Hi,
this is my ls:
drwxrwxrwt 2 havp havp 40 Feb 5 21:30 /Database/var/register/system/havp/tmp
I posted your code to /Database/var/register/system/startup/rc.local.
After reboot there is no tmpfs. I changed also to /bin/mount and /bin/chown. But no tmpfs. Are there other pre-boot scripts?
Pit
February 5, 2010 at 9:12 pm #49458
Marcelo
Member
Ok, my tutorial could be clearer about what pre-boot scripts I’m referring to: Pre-boot scripts are accessible from the Zeroshell’s GUI under Setup -> Startup / Cron -> pre-boot scripts.
Editing rc.local in the filesystem won’t get persisted after reboot as the root filesystem is a ramdisk on Zeroshell.
Getting back to your original problem: Did it work after fixing the directory permissions? If not, what is the output from the “free” command?
February 5, 2010 at 10:04 pm #49459
Pit
Member
No chance, nothing works.
Here is my screenshot:
http://alstercom.de/img/scripting-editor.png
Pit
February 5, 2010 at 10:11 pm #49460
Pit
Member
And the output of free:
root@zeroshell root> free
total used free shared buffers cached
Mem: 969180 132216 836964 0 12108 36320
-/+ buffers/cache: 83788 885392
Swap: 131064 0 131064
February 5, 2010 at 11:46 pm #49461
Marcelo
Member
Ok, no reason for the previous commands not to work, but I edited the guide to make it simpler and replaced
> mount -omand,noatime,size=50m -ttmpfs none /Database/var/register/system/havp/tmp
> chown havp.havp /Database/var/register/system/havp/tmp
with
> mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp
This will always make sure the ownership definition of the directory isn’t skipped as it has been directly incorporated in the mount command (no more chown needed).
I also added a note that the pre-boot scripts I’m referring to is the Zeroshell’s GUI one.
February 6, 2010 at 12:49 am #49462
Pit
Member
Solved:
– Never never use Opera Browser for administering Zeroshell web-gui.
– Firefox works fine for me.
– Enter the new code from Marcelo into Setup/Startup-Cron/Pre-Boot.
– Check the status button and save.
– Reboot.
– Start HTTP Proxy from the gui. Checkbox is enabled and Status shows DOWN.
– Reboot.
– HTTP Proxy Status shows ACTIVE
Thanks a lot for your help.
Pit
February 6, 2010 at 12:57 am #49463
Marcelo
Member
You are welcome.
It doesn’t really require any reboot. Just execute the mount command both in the ZS shell and in the pre-boot script. If you are configuring your home router, rebooting is certainly a good way of testing that the pre-boot scripts are really working (or if you can afford doing this in a production router of your organization – in a maintenance window, maybe…).
I’m happy it is working for you now. Enjoy your new “boosted speed” proxy.
March 30, 2010 at 2:45 pm #49464
apatheticsheep
Member
I tried this on my new zeroshell box because web browsing was painfully slow, even after I had disabled image scanning.
after following this procedure the proxy starts fine.
however there is absolutely no performance increase.
the proxy is still mind-numbingly slow.
I am running a p4 1500mhz with 128MB ram.
note: the only reason I am using the proxy is for the url blacklist, not the a/v scanning.
March 30, 2010 at 2:55 pm #49465
Marcelo
Member
Hi
please, post here the output of your df command when typed in the router’s shell.
March 30, 2010 at 2:59 pm #49466
apatheticsheep
Member
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/ram2 31729 15349 16380 49% /
/dev/hda2 140524 140524 0 100% /cdrom
shm 62848 0 62848 0% /dev/shm
/dev/hda1 13197 4900 7616 40% /boot
/udev/hda3 806928 273828 492108 36% /DB
/DB/_DB.001 806928 273828 492108 36% /Database
none 51200 0 51200 0% /Database/var/register/system/havp/tmp