Re: [libvirt] Question about parallel migration connections

On Thu, Jan 09, 2020 at 11:04:19PM +0000, Jim Fehlig wrote: > Are they supported with tunneled migration? The feature seems limited to native > migration, in which case I can send a patch prohibiting parallel migration > connections with the tunnel. Native migration should be preferred over tunneled migration these days. The tunneled migration feature was primarily a workaround for the lack of TLS support in QEMU, in order to leverage libvirtd's TLS connection.

QEMU has support for TLS directly in its native migration protocol these days. That should be preserved as it provides a better performing data channel than tunnelling. This will especially be seen with parallel migration. Even if libvirt enabled parallel migration with tunnelling, libvirtd does all I/O in a single thread, so you wouldn't see any performance benefit from it, especially when TLS is used. This is actually true whether you've got a single QEMU with multiple TCP connections for migration, or multiple QEMU's migrating concurrently. Both situations will be limited by libvirt's single thread for I/O.

With QEMU's native TLS support and parallell migration you'll be able to max out performance of many CPUs to maximise data throughput.

The only real interesting benefit of tunnelled migration that remains is the fact that everything happens over a single TCP port, so there is less to open in the firewall. IMHO this is not compelling enough to offset the serious performance downsides of tunnelling, now that QEMJU has native TLS support. Regards, Daniel