<div dir="ltr">One of our DNS services is running on a virtual platform.<div> The platform is built by virtual computing (KVM), virtual network (VxLAN powered), and virtual storage (Ceph).</div><div>Not openstack, but the service developed by ourselves.</div><div><br></div><div>nameservers are:</div><div><a href="http://ns1.yyclouds.com">ns1.yyclouds.com</a></div><div><a href="http://ns2.yyclouds.com">ns2.yyclouds.com</a></div><div><br></div><div>regards.</div><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-08 7:47 GMT+08:00 George Michaelson <span dir="ltr"><<a href="mailto:ggm@apnic.net" target="_blank">ggm@apnic.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I too decided not to do a bunch of stuff (tcpdumps, timestamped packet analysis) from virtuals because I worried about isochrony. Then I noticed that even on bare metal, I could drop UDP in the kernel, get out of order presentation up into the user process, not log the query in bind..<div><br></div><div>So I ran a job sending a million (queue image of evil person with pinkie to lips) queries and checked tcpdump order on bare metal and on a virtual. It didn't seem to make any difference: the virtualized packet drivers these days really don't represent more overhead on you than many other things your kernel is doing.</div><div><br></div><div>I am unconvinced that for most of us, the distinction matters. I am sure there are corner cases, but I think its very likely that time variance and lossage from virtuals compared to bare metal _for most people_ is below the noise threshold.</div><div><br></div><div>If you put the virtual on some platform which is flogged, and has insufficient disk, memory, faulty VT logic I have no doubt this isn't true. Equally, if you run bare metal on a Raspberry Pi, I suspect your not getting the best response per packet.</div><div><br></div><div>YMMV</div><div><br></div><div>-G</div><div><br></div><div>PS maybe there's a student project lurking in this? If it turns out there *is* a systematic variance by OS and {server type} and {jail,dock,VM,Xen,bare-metal,<wbr>Kubernetes} which exceeded the variance from other sources, wouldn't it be nice to know?</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 7 August 2016 at 21:36, Phil Regnauld <span dir="ltr"><<a href="mailto:regnauld@nsrc.org" target="_blank">regnauld@nsrc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><span><a href="mailto:sthaug@nethelp.no" target="_blank">sthaug@nethelp.no</a> (sthaug) writes:<br>
><br>
> Trying to avoid complexity and issues like the ones mentioned above is<br>
> why I run my name servers on bare metal. YMMV.<br>
<br>
</span></span><span class=""> You can run Docker in a VM, or on bare metal (most do).<br>
<br>
The *assumption* is that you'll be running containerized services on<br>
RFC1918 nets and NAT on the host. It's a different approach to doing<br>
things, but nothing forbids one from doing it their way.<br>
<br>
If you want best of both worlds, and still do process isolation while<br>
benefiting from "the full stack" and no network shenanigans, you could<br>
be using FreeBSD jails or Linux' LXD.<br>
</span><div><div><br><span class="">
______________________________<wbr>_________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.<wbr>net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operationsdns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mai<wbr>lman/listinfo/dns-operations<br>
dns-operations</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mai<wbr>lman/listinfo/dns-operations</a><br>
</span></div></div></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.<wbr>net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/<wbr>mailman/listinfo/dns-<wbr>operations<br>
dns-operations</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/<wbr>mailman/listinfo/dns-<wbr>operations</a><br></blockquote></div><br></div>