Dramatically improve HAVP performance and save CF lifetime

This topic is empty.

Viewing 15 posts - 1 through 15 (of 28 total)

1 2 →

Author

Posts
January 24, 2010 at 10:03 pm #42162
Marcelo
Member
Hi Folks,

This is a simple guide on how to dramatically improve HAVP transparent proxy performance while extending the lifetime of your Flash Memory medium)

Target audience: This guide is directed to those who use the Compact Flash image of Zeroshell, but may also be useful by those who boot Zeroshell from a CD and have the Database in a pendrive or other flash memory based medium (in this case, for cdrom installation, it may require minor adjustments – not tested)

In its original ZS compact flash image, HAVP is configured to write the temporary files (the ones yet to be scanned) into the “/Database/var/register/system/havp/tmp” folder which resides into the writable partition of the Compact Flash.
This original configuration is very performance impacting because writing to Flash Memory is way too slow. In addition, this also tends to reduce the life time of the medium since Flash Memory is subject to aging in the proportion of the number of writings.
This guide aims to implement a workaround for these issues by enabling a on-memory scan, thus also avoiding Compact Flash frequent writes.

Overall steps (UPDATE: The below guide became obsolete. A better approach is described in the 3rd post of this topic):
======================================================================================

Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.

Step 1 – Create a 50MB ext2 file-system virtual medium:
NOTE: This will be a ram disk, so there is no need to have a journaled filesystem like ext3, thus ext2 should be fine.

Step 2 – Prepare the HAVP.ext2 directory ownership for havp:
Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:
NOTE: Be careful to not mistype it as /dev/ram2, which is your root ram filesystem 😉

Step 4 – Re-enable your HAVP proxy using the GUI

Have fun…

Performance Gains:
==============

I didn’t use any tool to benchmark this, but I set a configuration for the Opera Browser to, at startup and with disk cache off, open several sites with tons of hundreds of images and started it twice, each time with one configuration, i.e., with this ram fs mounted and with it unmounted. Using the ram disk, I could notice a 10+ times performance increase.
Of course your performance gain will depend on the processing power of your box as well as the Compact Flash quality/speed.

Additional Considerations:
===================

The disadvantage of this on-memory scan approach is that it permanently consumes 50MB of ram, although I’m using this in my 512MB Fit-pc Slim (a GeodeLX 500MHz based gadget) with no problems.
I’m not yet sure if 50MB is a good value for the ram disk and, in the future, I may edit this post after some fine tunning.

Good luck!
January 25, 2010 at 10:53 am #49453
Marcelo
Member
Improving the guide with a bit of diskspace optimization:

Add a new step between steps 2 and 3:
Step 2.1 – gzip the HAVP.ext2 image:
Modify step3 accordingly:
Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:
January 27, 2010 at 12:43 am #49454
Marcelo
Member
Hi Folks, I’ve just learned more about tmpfs…. 🙂

…and this simply made my original guide (the first post in this topic) obsolete.

I’ll describe here a newer and better (yet simpler) approach using tmpfs.
Using tmpfs solves the permanent memory allocation downside of the initial approach and makes the virus scanning even quicker.

The new guide:
===========

Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.

Step 1 – Undo the original approach (This step is only needed IF you have implemented the first approach described in the first post of this topic, otherwise skip it and jump right to step 2):
Step 2 – The following command have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts (through the Zeroshell’s GUI):
Step 3 – Re-enable your HAVP proxy using the GUI.

Have fun…

Why is tmpfs better?
===============

tmpfs is a memory filesysytem derived from ramfs that resides in the vfs layer and which framework is the same used by the kernel for caching all files of all mounted file systems. So, tmpfs reduces the overhead of having a format like ext2, ext3, etc, needed by the /dev/ramX devices. In addition, comparing to the original approach, it reduces cpu utilization and memory accesses for every file access when compared to /dev/ramX devices.

Tmpfs eliminates the permanently allocated memory downside of using the traditional ram disks. The “size=50m” option just specifies the maximum limit size of the filesystem, not a permanent allocation. Tmpfs allocates memory on demand and only the necessary amount to hold the existing files. Every time a file is deleted or truncated, memory is freed.

For more information on tmpfs refer to the documentation found on the kernel sources tree (note: this is not installed in your Zeroshell box):
Best regards,
February 5, 2010 at 7:07 pm #49455

Pit
Member

Hi Marcelo,

my df looks:

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/ram2 31729 15404 16325 49% /
/dev/hda2 140524 140524 0 100% /cdrom
shm 484588 0 484588 0% /dev/shm
/dev/hda1 13197 4900 7616 40% /boot
/udev/hda3 806928 185428 580508 25% /DB
/DB/_DB.001 806928 185428 580508 25% /Database
none 51200 0 51200 0% /Database/var/register/system/havp/tmp

HTTP Proxy refuses to start after the changes. Do you have any idea?

Pit

February 5, 2010 at 7:21 pm #49456

Marcelo
Member

df output looks fine.

Sounds like a permission problem, are you sure you have executed the chown step?

to check, run “ls -lad /Database/var/register/system/havp/tmp” from the shell. You should see (only the text in bold is important, the remaining text may differ a bit when you run):

drwxrwxrwt 2 havp havp 540 Feb 5 15:32 /Database/var/register/system/havp/tmp

February 5, 2010 at 8:36 pm #49457

Pit
Member

Hi ,
this is my ls:

drwxrwxrwt 2 havp havp 40 Feb 5 21:30 /Database/var/register/system/havp/tmp

I posted your code to /Database/var/register/system/startup/rc.local.
After reboot there is no tmpfs. I changed also to /bin/mount and /bin/chown. But no tmpfs. Are there other pre-boot scripts?

Pit

February 5, 2010 at 9:12 pm #49458

Marcelo
Member

Ok, my tutorial could be clearer about what pre-boot scripts I’m refferring to: Pre-boot scripts are accessible from the Zeroshell’s GUI under Setup -> Startup / Cron -> pre-boot scripts.

Editing rc.local in the filesystem won’t get persisted after reboot as the root filesystem is a ramdisk on Zeroshell.

Getting back to your original problem: Did it work after fixing the directory permissions? If not, what is the output from the “free” command?

February 5, 2010 at 10:04 pm #49459

Pit
Member

No chanche, nothing works.

Here is my screenshot:

[/img]http://alstercom.de/img/scripting-editor.png

Pit

February 5, 2010 at 10:11 pm #49460

Pit
Member

And the output of free:

root@zeroshell root> free
total used free shared buffers cached
Mem: 969180 132216 836964 0 12108 36320
-/+ buffers/cache: 83788 885392
Swap: 131064 0 131064

February 5, 2010 at 11:46 pm #49461

Marcelo
Member

Ok, no reason for the previous commands not to work, but I edited the guide to make it simpler and replaced

> mount -omand,noatime,size=50m -ttmpfs none /Database/var/register/system/havp/tmp
> chown havp.havp /Database/var/register/system/havp/tmp

with

> mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp

This will always make sure the ownership definition of the directory isn’t skiped as it has been directly incorporated in the mount command (no more chown needed).

I also added a note that the pre-boot scripts I’m referring to is the Zeroshell’s GUI one

February 6, 2010 at 12:49 am #49462

Pit
Member

Solved:

– Never never use Opera Browser for administering Zeroshell web-gui.

– Firefox works fine for me.

– Enter the new code from Marcelo into Setup/Startup-Cron/Pre-Boot.
– Check the status button and save.
– Reboot.

– Start HTTP Proxy from the gui. Checkbox is enabled andStatus shows DOWN.
– Reboot.
– HTTP Proxy Status shows ACTIVE

Thanks a lot for your help.

Pit

February 6, 2010 at 12:57 am #49463

Marcelo
Member

You are welcome.

It doesn’t really require any reboot. Just execute the mount command both in the ZS shell and in the pre-boot script. If you are configuring your home router, rebooting is certainly a good way of testing that the pre-boot scripts are really working (or if you can afford doing this in a produciton router of your organization – in a maintenance window, maybe…).

I’m happy it is working for you now. Enjoy your new “boosted speed” proxy.

March 30, 2010 at 2:45 pm #49464

apatheticsheep
Member

I tried this on my new zeroshell box because web browsing was painfully slow, even after I had disabled image scanning.

after following this procedure the proxy starts fine.

however there is absolutely no performance increase.

the proxy is still mind-numbingly slow.

I am running a p4 1500mhz with 128MB ram.

note: the only reason I am using the proxy is for the url blacklist, not the a/v scanning.

March 30, 2010 at 2:55 pm #49465

Marcelo
Member

Hi

please, post here the output of your df command when typed in the router’s shell.

March 30, 2010 at 2:59 pm #49466

apatheticsheep
Member

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/ram2 31729 15349 16380 49% /
/dev/hda2 140524 140524 0 100% /cdrom
shm 62848 0 62848 0% /dev/shm
/dev/hda1 13197 4900 7616 40% /boot
/udev/hda3 806928 273828 492108 36% /DB
/DB/_DB.001 806928 273828 492108 36% /Database
none 51200 0 51200 0% /Database/var/register/system/havp/tmp
Author

Posts

Viewing 15 posts - 1 through 15 (of 28 total)

1 2 →

You must be logged in to reply to this topic.