This topic describes the kernel features and interfaces supported by Alibaba Cloud Linux. This topic is intended for advanced users who are familiar with the Linux kernel and want to leverage its features on Alibaba Cloud.
Memory
Reference | Supported version | Description |
| Alibaba Cloud Linux supports the Memcg Exstat feature. Compared with community versions of the Linux kernel, the Alibaba Cloud Linux kernel supports the following cgroup v1 interfaces for the Memcg Exstat feature: memory.events, memory.events.local, and memory.stat. The Alibaba Cloud Linux kernel also provides statistics on the latency caused by changes in the memcg global minimum watermark and backend asynchronous reclamation. | |
| Alibaba Cloud Linux introduces the memcg global minimum watermark tiers feature. It raises the global minimum watermark for resource-intensive tasks, making them subject to direct memory reclamation sooner. Conversely, it lowers the watermark for latency-sensitive tasks to protect them from direct reclamation. This mechanism prevents sudden memory allocations by resource-intensive tasks from causing performance degradation for latency-sensitive services. | |
| The memcg quality of service (QoS) feature can be used to control locks and limits on memory usage in a memcg. In community versions of the Linux kernel, the memcg QoS feature is supported only by the cgroup v2 interface. In Alibaba Cloud Linux kernel, the memcg QoS feature is also supported by the cgroup v1 interface. | |
| Alibaba Cloud Linux provides the backend asynchronous reclaim feature for memcgs. The backend asynchronous reclaim feature differs from the global kswapd kernel thread. The feature uses the workqueue mechanism instead of a corresponding memcg kswapd kernel thread. | |
| Alibaba Cloud Linux provides the memcg out of memory (OOM) priority policy feature. When the memcg OOM priority policy feature attempts to perform an OOM operation, the feature determines the priorities of cgroups and selects a low-priority cgroup to perform the operation. | |
| Alibaba Cloud Linux provides the Transparent Huge Pages (THP) reclaim feature. You can use the feature to fix memory usage issues caused by THP, such as OOM errors. | |
| Alibaba Cloud Linux supports Huge Pages for applications with large code segments. You can use the feature to allocate the executable parts of applications and dynamic-link libraries (DLLs) to huge pages to reduce instruction translation lookaside buffer (iTLB) misses and increase the 2 MB iTLB utilization of CPUs. This helps improve the application performance. | |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 supports the Kernel Electric-Fence (KFENCE) feature. Alibaba Cloud Linux 3 allows you to enable or disable KFENCE in a flexible and dynamic manner and fully capture memory pollution issues. This way, Alibaba Cloud Linux 3 balances online detection and offline debugging of memory pollution issues. | |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 provides the Page Cache Limit feature. The feature helps resolve system instability caused by unlimited page cache usage, such as business jitters and unexpected OOM errors. | |
Alibaba Cloud Linux 3 kernel version | In a non-uniform memory access (NUMA) architecture, especially on Arm-based instances, accessing code segments on a remote NUMA node introduces latency. The code duplication feature resolves this by replicating code from remote nodes to the local node's memory, eliminating cross-node access and improving performance. |
Network
Reference | Supported version | Description |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 is optimized to support Shared Memory Communications over RDMA (SMC-R). SMC-R is based on Alibaba Cloud elastic remote direct memory access (eRDMA) and can transparently replace TCP in applications without losing functionality. SMC-R enables direct, high-speed, low-latency, and memory-to-memory communications and provides higher performance than TCP in various scenarios, such as in-memory databases, remote procedure calls (RPCs), and large file transmission. | |
| Alibaba Cloud Linux supports TCP-layer service monitoring (TCP-RT). TCP-RT is a TRACE method. TCP-RT allows you to configure event tracking in a kernel-based TCP stack to identify a request and response when a single connection carries only one concurrent request and response. Then, you can obtain information, such as the time required to receive the request in the TCP stack and the time required to process the request. TCP-RT also supports statistical analysis in the kernel system and generates statistics about specific connections on a regular basis. | |
| In Linux kernels, TCP/IP connections remain in the TIME-WAIT state for 60 seconds. The length of this period cannot be changed. However, you must shorten this period in specific scenarios, such as scenarios that have heavy TCP loads, to improve network performance. To optimize network performance in the preceding scenarios, Alibaba Cloud Linux 2 provides a kernel interface to change the duration for which TCP/IP connections remain in the TIME-WAIT state before the system closes the connections. | |
Disable the estimation feature of IPVS to prevent network jitters |
| By default, the IP Virtual Server (IPVS) module of the Linux operating system enables the estimation feature. In scenarios in which a large-sized server hosts a large number of services, such as a large-scale Kubernetes cluster scenario, the estimation feature may cause a latency of tens to hundreds of milliseconds or network jitters when the server processes network requests. You can disable the estimation feature of IPVS for Alibaba Cloud Linux images. If you do not use the feature to collect statistics such as the number of packets and connections, we recommend that you disable the estimation feature of IPVS to eliminate additional overheads and jitters that occur during statistics collection. |
Alibaba Cloud Linux 3 kernel version | In FULLNAT scenarios, such as when Anti-DDoS Proxy is used, the address of a client is translated to the address of a FULLNAT node. To obtain the real address of the client, you can connect to a backend server that runs the Alibaba Cloud Linux 3 operating system with kernel version |
Storage
Reference | Supported version | Description |
| Alibaba Cloud Linux provides the cgroup writeback feature for the cgroup v1 interface. The cgroup writeback feature allows you to limit the buffered I/O rate when you use the cgroup v1 interface. | |
| Alibaba Cloud Linux provides the weight-based throttling feature (blk-iocost) based on the cost model. The blk-iocost feature is an improvement to the weight-based disk throttling feature of the I/O subsystem (blkcg) in the kernel. | |
| Alibaba Cloud Linux provides interfaces to better monitor Linux block I/O throttling. | |
| JBD2 is the journaling block device layer for the ext4 file system. Under certain conditions, it can enter a BH_Shadow state, which can impact I/O performance. To resolve the preceding issue, Alibaba Cloud Linux provides interfaces to optimize JBD2. | |
| By default, Ext4 file systems impose restrictions that prevent hard links from being created across project quotas. However, specific scenarios require hard links to be created across project quotas. Alibaba Cloud Linux provides a custom interface to bypass the restrictions of Ext4 file systems and create hard links across project quotas. | |
| Alibaba Cloud Linux optimizes the /proc/diskstats interface that provides raw data for the I/O latency analysis tool iostat. Alibaba Cloud Linux can calculate the durations of read, write, and special I/O (discard) operations on the device side. Alibaba Cloud Linux also provides the BPF Compiler Collection (BCC) toolset to track I/O latency. | |
| An I/O hang occurs when the system becomes unstable or fails due to time-consuming I/O requests. Alibaba Cloud Linux extends the core data structure and provides a feature that locates and detects I/O hangs at low system overheads. | |
Configure the context readahead feature of file systems to improve file access performance |
| Linux uses the readahead technique to accelerate file access by prefetching data and loading the data into the page cache. Linux also supports the context readahead algorithm, which can detect interleaved sequential streams to optimize file access performance. However, in specific random access scenarios, the context readahead algorithm is prone to poor judgment and may prefetch more pages than necessary. In the preceding scenarios, you can disable the context readahead feature to significantly improve application performance. |
Alibaba Cloud Linux 3 kernel version | Target Core Module (TCM) is another name for Linux-IO Target (LIO), which is an in-kernel Internet Small Computer Systems Interface (iSCSI) target. TCM in Userspace (TCMU) is the userspace implementation of LIO. TCMU allows userspace programs to coordinate with various userspace backend implementations in a convenient manner. Based on the TCMU framework and the LIO loopback (tcm_loop) module, you can implement userspace iSCSI targets with ease. |
Monitoring
Reference | Supported version | Description |
Alibaba Cloud Linux 3 kernel version | Alibaba Cloud Linux 3 supports Unified Kernel Fault Event Framework (UKFEF) in kernel version | |
| Alibaba Cloud Linux provides the Pressure Stall Information (PSI) feature for the cgroup v1 interface. The PSI feature allows you to monitor CPUs, memory, and I/O performance. |
Scheduling
Reference | Supported version | Description |
| Alibaba Cloud Linux provides the CPU burst feature for the cgroup v1 interface. The CPU burst feature allows CPU-throttled containers to burst CPU utilization to deliver higher performance and lower latency. | |
| Alibaba Cloud Linux provides the group identity feature. The feature allows you to configure different identities for CPU cgroups to prioritize process tasks in the cgroups. |
Compatibility
Reference | Supported version | Description |
Statistical state change of anonymous pages in the /proc/meminfo file |
| In Alibaba Cloud Linux kernel version |
Others
Reference | Supported version | Description |
| Alibaba Cloud Linux provides kernel interfaces for the container resource visualization feature to enhance the visibility of container resources. | |
Security hardening for user namespaces in Alibaba Cloud Linux |
| Linux supports the user namespace feature. The feature enables processes to have different user IDs and group IDs in different user namespaces to isolate permissions. However, enabling the user namespace feature increases the risk of privilege escalation attacks to the system. Attackers may exploit system vulnerabilities to obtain privileged permissions and bypass the system permission control. |