On 1/10/20 2:26 AM, Daniel P. Berrangé wrote: > On Thu, Jan 09, 2020 at 11:04:19PM +0000, Jim Fehlig wrote: >> Are they supported with tunneled migration? The feature seems limited to native >> migration, in which case I can send a patch prohibiting parallel migration >> connections with the tunnel. > > Native migration should be preferred over tunneled migration these days. > The tunneled migration feature was primarily a workaround for the lack > of TLS support in QEMU, in order to leverage libvirtd's TLS connection. Tunneled serves the same purpose in the xen driver. > QEMU has support for TLS directly in its native migration protocol these > days. That should be preserved as it provides a better performing data > channel than tunnelling. This will especially be seen with parallel > migration. Even if libvirt enabled parallel migration with tunnelling, > libvirtd does all I/O in a single thread, so you wouldn't see any > performance benefit from it, especially when TLS is used. This is > actually true whether you've got a single QEMU with multiple TCP > connections for migration, or multiple QEMU's migrating concurrently. > Both situations will be limited by libvirt's single thread for I/O. Nod. > With QEMU's native TLS support and parallell migration you'll be able > to max out performance of many CPUs to maximise data throughput. The docs on parallel migration are slim. What guidance should we provide wrt selecting a reasonable number of connections for parallel migration? Should users experiment to find a number that saturates the network link used for migration? AFAICT there are currently no bounds checks on the number. E.g. there is nothing preventing 'virsh migrate --parallel --parallel-connections 1000 ...'. Regards, Jim > The only real interesting benefit of tunnelled migration that remains > is the fact that everything happens over a single TCP port, so there > is less to open in the firewall. IMHO this is not compelling enough > to offset the serious performance downsides of tunnelling, now that > QEMJU has native TLS support. > > Regards, > Daniel > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
