Linux bridge
Within the context of the workload analysis and measurement results obtained, the standard software bridge included in Linux® can also be a reasonable choice for KVM guest connectivity.
Linux bridges avoids the same restrictions imposed by the MacVTap driver. The Linux bridge provides performance characteristics that are equivalent to or within 10% of Open vSwitch performance results.
The following topics describe the high level comparison of relative performance between the Linux bridge and Open vSwitch.
KVM guests and uperf
pairs running on the same KVM host using
a small MTU size
- Transaction performance observations:
-
- The latency and throughput results at the small to medium payload sizes are within measurement variations compared to Open vSwitch.
- At small and medium payload sizes, the Linux bridge may have very small CPU consumption savings.
- As the bandwidth load becomes high, the Linux bridge performance tends to drop off up to ~7% versus Open vSwitch.
- Streaming performance observations:
-
- Throughput and latency performance are nearly equivalent to Open vSwitch, hovering within 2% (which is within the normal measurement variations) with a trend to a very slight drop.
- Conclusion:
-
- For small and large payload sizes, the Linux bridge is essentially equivalent to Open vSwitch.
- For moderate size payloads, Open vSwitch demonstrated a 5% advantage for throughput and latency while achieving a slightly lower improvement for CPU consumption. Open vSwitch is recommended for this payload sizes.
KVM guests and uperf
pairs running on the same KVM host using
a large MTU size
- Transactional and streaming performance observations:
-
- Behavior is nearly identical, with a trend to a very minor drop in performance for streaming workloads.
- Conclusion:
-
- Linux bridge results are similar to Open vSwitch across all the tests. For this reason, either would be an equally acceptable choice when using a bridge is desirable.
KVM guests and uperf
pairs running across separate KVM hosts
using a small MTU size
- Transactional and streaming performance observations:
-
- The behavior is essentially equivalent across all workload tests.
- The difference in CPU efficiency are mixed. As seen in previous graphs, the
uperfclient and server CPU efficiencies tend to vary +/- a fair amount. With no clear trend visible across these runs, the variations are therefore considered inconsequential for comparison purposes.
KVM guests and uperf
pairs running across separate KVM hosts
using a large MTU size
- Performance observations:
-
- The results of the large MTU size are almost identical to the small MTU results, and have therefore been omitted.
Overall conclusions when comparing a Linux bridge to Open vSwitch in our tests
- For single LPAR using a small MTU size:
-
-
Open vSwitch is recommended over the Linux bridge. The Linux bridge falls behind Open vSwitch across most tests for throughput and transaction time (latency), where the most notable difference was observed with large transactional payloads.
-
- For single LPAR with large MTU size or multiple LPARs with either MTU size:
-
-
The differences between both bridges is negligible as they delivered nearly equivalent performance characteristics. In this case, aspects other than performance might influence your choice of bridge.
-
Other considerations
- Like Open vSwitch, the Linux bridge does not require any special hardware support (ie. no switch with hairpin mode required) to enable the KVM host and KVM guests to communicate directly.
- The Linux bridge can be configured to provide a KVM host isolation mode. Unlike MacVTap, a Linux bridge does not require being attached to a KVM host interface in order to operate, providing a pure virtual and isolated network.
- By only connecting KVM guests to a Linux bridge and not connecting the bridge to the external facing host interface, the KVM guests can communicate with each other and the KVM host while being detached and isolated from all network traffic originating from or destined to go outside of the KVM host environment.
- Has been part of standard Linux installs for years. Requires no additional packages to install or learn.