Performance degradations observed in few workloads when EDMM is enabled #1699
Replies: 5 comments 3 replies
-
I have a similar problem.
Enclave with edmm slower (40s vs 26s for non-edmm enclave) Application output:
I thought allocating 43MB of memory shouldn't take that long Enclave manifest for EDMM:
Enclave manifest without EDMM:
Dockerfile:
Additional information: |
Beta Was this translation helpful? Give feedback.
-
I figured out the problem a little
I don't understand why this package increases memory consumption and slows down enclave startup by 4 times when using edmm |
Beta Was this translation helpful? Give feedback.
-
I assumed the same thing, I'll try to figure it out and post the result here. In general, even using an enclave without pip, our machine learning solutions lose in speed when EDMM is enabled, despite the fact that they get a head start of ~20 seconds to launch the enclave (16Gb) |
Beta Was this translation helpful? Give feedback.
-
The python3-pip package does not make any changes to the python application. python3-pip package installs a bunch of dependencies:
that's why the size of the manifest is so large By my logic it shouldn't affect the loading speed of the enclave that much, surely it's not a gramine issue? |
Beta Was this translation helpful? Give feedback.
-
Adding |
Beta Was this translation helpful? Give feedback.
-
Description of the problem
When EDMM is enabled, few tests in the following workloads show more degradation with Gramine-SGX execution when compared with the actual baseline performance numbers. The baseline performance numbers are with Gramine v1.5 release. The details of performance degradation data are as attached in
Gramine_SGX_EDMM_Degradation.xlsx
.Following are the workloads.
Nginx
OVMS (OpenVINO Model Server)
MySQL
MariaDB
Note:
The above observation was seen with commit
fa437cb
, but the issue is also seen with Gramine v1.5; i.e. when EDMM is enabled the above perf degradations are visible even with Gramine v1.5.Gramine_SGX_EDMM_Degradation.xlsx
Steps to reproduce
Nginx Workload:
sudo apt-get install -y build-essential libssl-dev zlib1g-dev
cd gramine/CI-Examples/nginx/
make SGX=1
Execute Nginx workload in Native mode against
wrk
https benchmark../install/sbin/nginx -c conf/nginx-gramine.conf &
wrk
https benchmarking command../wrk/wrk -t1 -c300 -d180s https://127.0.0.1:8444/random/10K.1.html
Execute Nginx workload in Gramine SGX mode against
wrk
https benchmark.gramine-sgx ./nginx &
wrk
https benchmarking command../wrk/wrk -t1 -c300 -d180s https://127.0.0.1:8444/random/10K.1.html
Note:
The
wrk
benchmarking tool is invoked for 1 thread and 10k file size. These parameters need to be changed for higher thread count and file sizes.MySQL Workload:
sysbench
benchmarking tool using below command:sudo apt install -y sysbench
Build a Gramine-protected MySQL image
within https://github.com/gramineproject/contrib/tree/master/Intel-Confidential-Compute-for-X/workloads/mysql.mkdir workloads/mysql/test_db
docker run --rm --net=host --name init_test_db --user $(id -u):$(id -g) \ -v $PWD/workloads/mysql/test_db:/test_db \ -e MYSQL_ALLOW_EMPTY_PASSWORD=true -e MYSQL_DATABASE=test_db mysql:8.0.32-debian \ --datadir /test_db &
mkdir workloads/mysql/test_db
docker run --net=host --name init_test_db --device=/dev/sgx/enclave -v /var/run/test_db_encrypted:/var/run/test_db_encrypted -it gsc-mysql:8.0.32-debian --datadir /var/run/test_db_encrypted
Note:
The below Prepare and Cleanup commands need to be run only once per test. Run command can be run for 10 iterations.
Read only operation:
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_only --tables=16 --table_size=100000 --threads=8 prepare
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_only --tables=16 --table_size=100000 --threads=8 run
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_only --tables=16 --table_size=100000 --threads=8 cleanup
Write only operation:
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=20 --report-interval=5 oltp_write_only --tables=16 --table_size=100000 --threads=8 prepare
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=20 --report-interval=5 oltp_write_only --tables=16 --table_size=100000 --threads=8 run
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=20 --report-interval=5 oltp_write_only --tables=16 --table_size=100000 --threads=8 cleanup
Read-write operation:
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_write --tables=16 --table_size=100000 --threads=8 prepare
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_write --tables=16 --table_size=100000 --threads=8 run
sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=test_db --time=40 --report-interval=5 oltp_read_write --tables=16 --table_size=100000 --threads=8 cleanup
MariaDB Workload:
For this workload, the execution operations are same as MySQL workload, but for building the workload refer section
Build a Gramine-protected MariaDB image
within https://github.com/gramineproject/contrib/tree/master/Intel-Confidential-Compute-for-X/workloads/mariadb.OpenVINO Model Server (OVMS) Workload:
Build a Gramine-protected OpenVINO Model Server image
within https://github.com/gramineproject/contrib/tree/master/Intel-Confidential-Compute-for-X/workloads/openvino-model-server.Execute OVMS workload in Native mode against OVMS CPP benchmark client.
Launch OVMS in Native mode.
docker run --net=host --name init_native_test_db -u $(id -u):$(id -g) -v $(pwd)/workloads/openvino-model-server/test_model:/model -p 9001:9001 openvino/model_server:latest --model_path /model --model_name model-name --port 9001 --layout NCHW
Invoke OVMS CPP benchmarking client command.
docker run --rm --network host -e "no_proxy=localhost" ovms_cpp_benchmark \ ./synthetic_client_async_benchmark --model_name=model-name --grpc_port=9001 --iterations=2000 \ --max_parallel_requests=100 --consumers=8 --producers=1
Launch OVMS in Gramine-SGX mode:
docker run --rm --net=host --name init_sgx_enc_test_db -u 0:0 -p 9001:9001 --device=/dev/sgx/enclave -v /mnt/tmpfs/model_encrypted:/mnt/tmpfs/model_encrypted -t gsc-openvino/model_server --model_path /mnt/tmpfs/model_encrypted --model_name model-name --port 9001 --layout NCHW
Invoke OVMS CPP benchmarking client command.
docker run --rm --network host -e "no_proxy=localhost" ovms_cpp_benchmark \ ./synthetic_client_async_benchmark --model_name=model-name --grpc_port=9001 --iterations=2000 \ --max_parallel_requests=100 --consumers=8 --producers=1
Note:
Replace "model-name" strings in above commands with the corresponding model names to be tested for. i.e. 'resnet50-binary-0001' for Resnet model and 'face-detection-retail-0005' for Face detection model.
Expected results
When EDMM is enabled, the performance degradation of the workloads should not exceed the baseline performance numbers.
Actual results
When EDMM is enabled, the performance degradation for few tests of the above mentioned workloads exceed the baseline performance numbers.
Gramine commit hash
fa437cb
Beta Was this translation helpful? Give feedback.
All reactions