Erik’s Weblog

TL;DR: Django ORM + psycopg2 adds ~50% overhead vs raw C/libpq for trivial single-row SELECTs. PgBouncer costs ~5%. Local connections are ~30% faster than network. The bottleneck is client-side — the database server barely breaks a sweat. I’ve been dealing with database performance issues in a fairly large Django application — neither the app servers nor the database show high CPU utilization, yet something is clearly bottlenecked. I put together some simple benchmarks to isolate where the overhead lives. ...

In the process of trying to figure out my VM performance problems, I’ve been doing a lot of filesystem benchmarking. Unfortunately, there isn’t a lot of consistency between platforms or machine classes as to benchmarking methodology, so I’ve had some trouble generating comparable numbers. However, I’ve gotten the solaris filebench suite running on linux, and bonnie++ running on solaris, so I can now generate comparable numbers across both platforms. One of my primary interests is the throughput I can get out of the 3ware 7506 raid controller in my unix nas box, both in order to optimize it and in order to compare to other solutions and determine if they will actually be an upgrade or not. In the process, I’ve been benchmarking an older Dell Precision Workstation 420. It has 4 wd1200jb drives plugged into its onboard IDE boards (yes, they are sharing ide channels), and is currently running opensolaris nv47. I played around with a few different ZFS configurations, but eventually settled on raidz, leaving me with 360G usable disk space. Here’s some of the numbers I got: ...

So I want to simplify and strengthen our network security at the office. Currently we’re using a mishmash of cisco IOS ipsec, pptp, cbac/NAT and linux iptables host based firewalls. I’d like to centralize everything, and add a more reliable vpdn solution to the mix. In addition, I’d like better logging and traffic shaping control. Cisco 2600 with IOS 12 advanced firewall I’ve been running this for the last couple of years, on 2600 class hardware. In general, its a very complete solution, but configuring it can be extremely trying. I can’t even remember the number of times I’ve been stumped by some issue that ‘should be working’, only to find out a month or two later that the problem was software revision I was using. Cisco is very difficult to work with wrt getting firmware updates for their software, and I typically don’t have good luck findout out what other version I’d need, anyway. The cisco ipsec vpn implementation seems to be solid, as are their routing abilities. The CBAC packet inspection system is where the cisco starts to weaken as a firewall platform, however. Even just inspecting standard TCP traffic can easily put the 2600 under enough load that I can’t really afford to run it between my internal network and DMZ. ...