    Virtuozzo 7 - Meltdown/Spectre (Microcode) Patch Performance disaster


      Hey there,


      I got massive performance problems with the Meltdown/Spectre patches for Virtuozzo virtualization (containers).

      Since the Meltdown/Spectre patches, performance has dropped to unusable levels. I patched one of our root servers, which is running 1 (ONE) production container with EZ CMS (Apache 2.4.6, PHP 5.6.32) and MySQL/MariaDB DB (5.5.56), to the latest VZ kernel (3.10.0-693.11.6.vz7.40.4).
      The root server is an HPE Gen9 blade server (Xeon CPU E5-2640 v3 @ 2.60GHz); storage is Virtuozzo Storage running on SSD only (1-2GB/s performance) - so rather good hardware specs ... ;-)


      So here is what happened when I booted into the patched kernel + CPU microcode update:



      completely unusable ... Load AVG spiked up to 150 and more (peaks up to over 200)

      Disabling the security patches brings the load down to normal:
           tee /sys/kernel/debug/x86/*enabled <<< 0


      Answer from Virtuozzo Support:


      Essentially this means I can either patch the system against Spectre and cripple the performance so much that the server is unusable - or I decide not to patch the server - keep good performance but stay vulnerable to Spectre ...
      Both options are not really satisfactory ...


      According to Virtuozzo Support this isn't correctable without another microcode update from intel_corp ... will there be optimizations that will help with those problems? And if yes ... when to expect them?


      thx, bye from sunny Austria
      Andreas Schnederle-Wagner
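
A read-only check of the same debugfs switches, as an added example that is not part of the original post: it lists every `*enabled` file that the `tee` command above writes to and flags any that are set to 0, so a host left with its mitigations switched off shows up in monitoring. The function names `list_mitigations` and `check_mitigations` are made up for this example, and it assumes each file holds one integer where 0 means off.

```shell
#!/bin/sh
# Added example: audit the runtime mitigation switches the post toggles.
# Assumption: each file matching *enabled in the directory holds a single
# integer, and 0 means the mitigation is switched off.

# Print "<name>=<value>" for every readable *enabled switch in directory $1
# (default: the debugfs path used in the post).
list_mitigations() {
    dir=${1:-/sys/kernel/debug/x86}
    for f in "$dir"/*enabled; do
        [ -r "$f" ] || continue   # unmatched glob or unreadable file
        printf '%s=%s\n' "$(basename "$f")" "$(tr -d '[:space:]' < "$f")"
    done
}

# Return 0 if every switch is non-zero, 1 if any switch is 0,
# 2 if nothing could be read (debugfs not mounted, or not running as root).
check_mitigations() {
    dir=${1:-/sys/kernel/debug/x86}
    out=$(list_mitigations "$dir")
    if [ -z "$out" ]; then
        echo "UNKNOWN: no *enabled files readable in $dir" >&2
        return 2
    fi
    # Collect the names of all switches whose value is 0.
    off=$(printf '%s\n' "$out" | awk -F= '$2 == 0 { printf "%s ", $1 }')
    if [ -n "$off" ]; then
        echo "WARNING: disabled at runtime: $off"
        return 1
    fi
    echo "OK: $(printf '%s\n' "$out" | tr '\n' ' ')"
    return 0
}
```

Calling `check_mitigations` with no argument reads `/sys/kernel/debug/x86`; the return code maps directly onto the OK/WARNING/UNKNOWN states of a Nagios-style check.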