Backup performances - stunnel bottleneck

  • Hello all,

    We are currently evaluating XOA as a management interface to XCP/XS and espacially as a backup solution.
    As delta backup is a really good solution, the main drawback we saw is the "export bottleneck".
    Using XAPI to export VM/VHD is a good thing (much more reliable than other backup solutions) there are somme huge bottlenecks.

    The one that we disscussed with XOA support this morning is the stunnel thing.
    By default all connections to XAPI is sent trough HTTPS and stunnel is the one in charge of encryption.
    In our env, we mostly get between 60/90MB per sec as backup speed with XOA (Network is 10G and disks are SSD).
    So we tested connection (using tricky conf) in HTTP to Xen pool in order to get some improvments.

    As soon as we switched to HTTP, backup speed increased (+++). We switched to more than 200MB per sec.
    So (this is already known) stunnel is a huge bootleneck.
    Removing it reduces security (sic) but increases perfs. Security can be mitigated by the overall security of the relying network (like internal or isolated).

    Some discussions have been pointed on Citrix forums about the fact that stunnel is an old version and can be updated.
    "Recent" versions are known to have "parallel" encryption to increase performance.
    As a "stupid" test we updated stunnel (to (5.44) on a fresh install of XCP to test if it changes anything.
    But we do not noticed any improvments.

    We will make some tests later to see if a new version of stunnel can help to speedup things.

  • Can you go there?

    We'll replace XO forum by XO category in XCP-ng forum in the future 🙂 So your contribution there will be better than here! Thanks 🙂

Log in to reply