Virtuozzo continues to work to address the impact of the Spectre and Meltdown vulnerabilities. We published our response as soon as the vulnerabilities were disclosed and measured the performance impact of the first mitigations. The benchmarks show that performance degradation is due to the mitigation of CVE-2017-5715, also known as Spectre variant 2.
We are pleased to announce that the latest updates for Virtuozzo 7, Virtuozzo 6, and Virtuozzo containers for Linux 4.7 include new kernels compiled with retpoline-enabled compiler flags. Retpoline is a technique developed by Google to protect against Spectre without the performance penalty of the microcode-based mitigations. To find out more about these updates, including how to install them, you can view the following release notices:
Virtuozzo ran the standard vConsolidate test (described at the end of this post).
Based on our testing, the new kernel improves Linux containers' performance by 25%, restoring performance to near pre-Spectre levels:
Green graph #1: Virtuozzo 7 containers without Retpoline
Gray graph #1: Virtuozzo 7 containers with Retpoline
Virtual machines performed 15% better with near pre-Spectre performance levels:
Green graph #1: Virtuozzo 7 virtual machines without Retpoline
Gray graph #1: Virtuozzo 7 virtual machines with Retpoline
The vConsolidate test is a performance benchmark. It deploys one or more groups of virtual appliances, each group running a set of applications that work together as a single unit, called a Consolidation Stack Unit (CSU). Each server in the group generates output results, such as transactions per second, and the aggregated result is used to compare different virtualization solutions. Increasing the number of CSUs makes it possible to compare how different virtualization solutions behave: which produce more transactions on the same hardware with the same number of CSUs, and which are able to run more tiles effectively (before overall system performance begins to decrease).