Zone reclaim mode

Non-uniform memory access or NUMA is not a new concept but high end multiprocessor Intel-based servers are increasingly configured with this architecture, bringing it more to the mainstream. Put simply NUMA means that instead of all processors accessing your main system memory through a common bus, each processor is allocated an even share of the memory that it can address directly. If a processor needs to access memory controlled by another processor it can do so through that other processor.

Linux kernels from v2.5 onwards are aware of any NUMA architecture and it can be displayed using numactl -H or numactl –hardware:

node distances: node 0 1 2 3 0: 10 21 21 21 1: 21 10 21 21 2: 21 21 10 21 3: 21 21 21 10

The above is from a four socket server. It shows that fetching from local memory is weighted at ’10’ and from memory controlled by other processors ’21’. I strongly suspect these weightings are hard coded.

numactl -H also shows information about how the memory is split between processors. The term ‘node’ is used:

available: 4 nodes (0-3) node 0 cpus: 0 1 2 3 4 5 6 7 32 33 34 35 36 37 38 39 node 0 size: 65418 MB node 0 free: 310 MB node 1 cpus: 8 9 10 11 12 13 14 15 40 41 42 43 44 45 46 47 node 1 size: 65536 MB node 1 free: 41 MB node 2 cpus: 16 17 18 19 20 21 22 23 48 49 50 51 52 53 54 55 node 2 size: 65536 MB node 2 free: 82 MB node 3 cpus: 24 25 26 27 28 29 30 31 56 57 58 59 60 61 62 63 node 3 size: 65536 MB node 3 free: 43 MB

What the above shows is that the free memory available to each node varies. If a process running on node 3, in our example, needs to allocate memory and it needs more than 43 Mb, it can either:

Use memory assigned to another node, for example node 0. This means the memory access will not be local.
Reclaim memory from node 3’s local memory by evicting other pages from memory.

The kernel switch vm.zone_reclaim_mode controls which behaviour is used. If set to 1 it will prefer to evict other pages from memory.

This is explained in a great more detail in this article by Christoph Lameter.

How is this parameter set on your system? You can check by running cat /proc/sys/vm/zone_reclaim_mode

If it’s set to 1 on your Informix system you should definitely read on. You’ll be glad to hear this parameter can be changed dynamically.

In the latest kernels (2014 onwards) this commit means that the parameter will never be set on your system automatically but if you’re running an enterprise Linux you could be on a kernel version like 2.6.32 (RHEL 6) where this can occur: although patched the base version of this dates from 2009.

I am not sure of the exact criteria that determine when older Linux kernels will switch on this feature at boot up. I think you need a modern four (or more) processor server with a NUMA architecture but there may be other requirements.

It’s interesting to read the slightly repetitious kernel commit log:

When it was introduced, zone_reclaim_mode made sense as NUMA distances punished and workloads were generally partitioned to fit into a NUMA node. NUMA machines are now common but few of the workloads are NUMA-aware and it’s routine to see major performance degradation due to zone_reclaim_mode being enabled but relatively few can identify the problem.

Those that require zone_reclaim_mode are likely to be able to detect when it needs to be enabled and tune appropriately so lets have a sensible default for the bulk of users.

This patch (of 2):

zone_reclaim_mode causes processes to prefer reclaiming memory from local node instead of spilling over to other nodes. This made sense initially when NUMA machines were almost exclusively HPC and the workload was partitioned into nodes. The NUMA penalties were sufficiently high to justify reclaiming the memory. On current machines and workloads it is often the case that zone_reclaim_mode destroys performance but not all users know how to detect this. Favour the common case and disable it by default. Users that are sophisticated enough to know they need zone_reclaim_mode will detect it.

Hopefully now the relevance to Informix is becoming a little clearer. Certainly there has been much complaining in the PostgreSQL community about this parameter. Another frustrated blog post describes some of the massive I/O latency problems it can cause on your system even when under no obvious memory pressure.

On our Informix system, which uses huge pages, we have experienced long disruptive checkpoints as a result of zone reclaiming. As huge pages are not swappable, it’s likely to be our monitoring and other non-Informix processes provoking the zone reclaims.

The long checkpoint behaviour can be summarised as:

A checkpoint is triggered by CKPTINTVL.
Informix instructs all threads to finish what they are doing and goes into state CKPT REQ.
One or more threads may be in critical section and must continue to the end of this section before it can stop.
A zone reclaim is occurring and I/O throughput dramatically decreases and this thread takes many seconds to come out of critical section.
All active threads wait (state C in the first column of onstat -u).
Eventually the operation completes, the checkpoint actually occurs very quickly and processing continues.

This behaviour can occur in later versions of the engine with non-blocking checkpoints.

If you have the mon_checkpoint sysadmin task enabled (I strongly recommend this), information about your checkpoints will be written to sysadmin:mon_checkpoint. (Otherwise you only retain information about the last twenty checkpoints visible through onstat -g ckp.) A tell tale sign is a large crit_time, nearly all of the checkpoint duration, and a much smaller flush_time.

You can get further evidence of whether a zone reclaim might be occurring at the same time by looking at the number of pages scanned per second in the output from sar -B. (sar is a very sophisticated monitoring tool these days with views into many aspects of the operating system.)

One test you can try (on a test server) is LinkedIn Engineering’s GraphDB simulator. It’s a C++ program that mimics the behaviour of GraphDB and is designed to provoke zone reclaim behaviour from the Linux kernel if it is switched on.

On our test system we can leave it running for hours without zone reclaim enabled and monitor it through sar -B.

10:30:55 AM pgpgin/s pgpgout/s 10:31:00 AM 951.42 20993.52 8415.59 10:31:05 AM 294.97 20930.38 8764.59 10:31:10 AM 170.28 24627.31 4939.16 10:31:15 AM 193.12 77519.03 5379.96 10:31:20 AM 240.24 88966.60 6875.45 10:31:25 AM 183.50 277.67 8113.28 10:31:30 AM 202.41 280.08 11409.46 10:31:35 AM 243.37 255.42 8815.46 10:31:40 AM 92.37 194.38 5890.96 10:31:45 AM 283.70 313.08 12742.05 10:31:50 AM 414.83 11179.96 7938.48 10:31:55 AM 198.79 31014.95 9007.47 10:32:00 AM 235.74 25065.86 10159.84 10:32:05 AM 202.01 37361.45 11010.24 10:32:10 AM 256.91 5640.48 7596.59 10:32:15 AM 246.89 20823.65 5411.42 10:32:20 AM 114.46 41366.27 6625.30 10:32:25 AM 188.76 20948.19 25422.09 10:32:30 AM 177.15 29934.67 9358.52 10:32:35 AM 237.83 9914.69 9167.40 10:32:40 AM 207.71 81296.55 8555.17 fault/s majflt/s pgfree/s pgscank/s pgscand/s pgsteal/s %vmeff 0.81 1351.62 0.00 0.00 0.00 0.00 2.21 3286.92 0.00 0.00 0.00 0.00 1.61 1859.64 32276.31 16282.73 565.06 1.16 1.42 53762.75 4495.55 0.00 93.72 2.08 1.81 1483.30 0.00 0.00 0.00 0.00 1.61 4045.47 0.00 0.00 0.00 0.00 2.82 3114.29 0.00 0.00 0.00 0.00 2.21 1905.62 0.00 0.00 0.00 0.00 1.00 1059.84 0.00 0.00 0.00 0.00 2.21 5263.38 0.00 0.00 0.00 0.00 2.00 45495.59 39413.23 0.00 784.17 1.99 2.63 2374.95 0.00 0.00 0.00 0.00 2.61 1866.47 0.00 0.00 0.00 0.00 2.01 3250.00 0.00 0.00 0.00 0.00 3.01 3638.08 0.00 0.00 0.00 0.00 1.80 1704.21 0.00 0.00 0.00 0.00 0.80 1352.41 0.00 0.00 0.00 0.00 1.81 8850.20 0.00 0.00 0.00 0.00 1.60 54522.65 42292.59 4315.83 1071.14 2.30 2.21 2483.50 0.00 0.00 0.00 0.00 2.64 2631.85 0.00 0.00 0.00 0.00

The test itself reports latencies over 100 ms and in this mode we occasionally see I/O operations taking around 200 ms reported.

We can change the kernel parameter dynamically while the test is running and see the behaviour change almost immediately:

10:35:15 AM pgpgin/s pgpgout/s fault/s majflt/s pgfree/s pgscank/s pgscand/s pgsteal/s %vmeff 10:35:20 AM 365.06 15634.14 6300.40 3.41 3841.57 0.00 15241.77 2644.18 17.35 10:35:25 AM 333.06 5519.35 9262.10 3.43 8639.31 0.00 92890.32 4528.63 4.88 10:35:30 AM 1158.15 20868.81 10292.96 10.06 12215.09 0.00 255137.22 7858.55 3.08 10:35:35 AM 781.12 41385.54 7742.77 5.02 5841.16 0.00 34506.02 3422.89 9.92 10:35:40 AM 518.10 8764.47 2524.85 3.25 2906.59 0.00 1703326.11 2016.93 0.12 10:35:52 AM 2576.57 39524.85 13449.49 11.31 10332.12 0.00 1153144.24 4256.77 0.37 10:35:57 AM 2707.22 40786.31 7962.55 8.17 9893.92 0.00 4246095.82 6729.66 0.16 10:36:02 AM 1600.75 1889.37 2551.12 4.34 629.04 0.00 3595585.63 253.52 0.01 10:36:16 AM 756.94 39362.58 2063.18 8.25 3785.71 0.00 4238635.01 1814.29 0.04 10:36:21 AM 990.94 9277.31 1584.26 6.24 1692.88 0.00 6222810.91 833.73 0.01 10:36:52 AM 69.73 0.00 116.91 0.96 271.29 0.00 2056531.75 7.20 0.00

The number of pages scanned per second escalates.

Meanwhile I/O latencies reported by the test program escalate up to 36000 ms. We actually have to kill the test program within 30 seconds of changing the kernel parameter to avoid the system becoming so unresponsive it cannot maintain sshd connections.

In our real world Informix example we are not using the page cache anything like as aggressively and when the problem occurs I/O demands reduce as we get down to a single thread in critical section. Thus we don’t see pages scanned at the rate in the test, just a clear increase.

It’s worth mentioning that new NUMA capabilities have been added to the Linux kernel in version 3.8 (and later in 3.13) so RHEL 7 users might see slightly different behaviour.

Simple password encryption

Posted: 28 September, 2015 | Author: Ben Thompson | Filed under: Compliance | Leave a comment

Here’s a blog post on something I didn’t even know existed until recently: Informix simple password encryption. This does what it says in the tin and nothing else: it encrypts the password you use to authenticate to the database server which is sent in the clear otherwise. If you weren’t aware of this then it’s certainly worth reading on!

I don’t know when this feature came into the product but some of my IBM contacts didn’t seem to be aware that it exists either and having tried to use it, it’s apparent that this is a cobweb area of the product with silly niggles stopping it from working properly in a client/server environment.

However it is a documented feature and the documentation is here. I’ve linked to the 11.70 docs but, as far as I can tell, the 12.10 docs are identical.

So why am I not using the more advanced network data encryption which has come into the product more recently, encrypts all your network traffic using SSL and is probably better supported? There are two reasons: this does more than I need and there will be an overhead to using SSL. This may be small but I have not had the chance to quantify it yet.

Below is what your auditor doesn’t want to see. Below is a TCP dump of me connecting to an environment called ‘test 4’ with user test_user and password ABCDefgh1234. I’m using a standard onsoctcp TCP connection.

To do this test I put in a file called connect.sql the code:

connect to 'sb_test4' user 'test_user' using 'ABCDefgh1234';

Then I connect using dbaccess:

$ dbaccess - connect.sql Connected. Disconnected.

At the server end I’m capturing traffic and (oh dear):

# tcpdump -nnvvXSs 1514 -i eth0 port 9099 and tcp

0x0000: 4500 01e5 1902 4000 4006 a0a9 ac10 936a E.....@.@......j 0x0010: ac10 93dc 80da 238b 42f5 709c 3748 53b9 ......#.B.p.7HS. 0x0020: 8018 0073 3af7 0000 0101 080a 43e7 699c ...s:.......C.i. 0x0030: f8a3 d51b 7371 4161 3042 5051 4141 7371 ....sqAa0BPQAAsq 0x0040: 6c65 7865 6320 7465 7374 5f75 7365 7220 lexec.test_user. 0x0050: 2d70 4142 4344 6566 6768 3132 3334 2039 -pABCDefgh1234.9 0x0060: 2e32 3430 2041 4141 2342 3030 3030 3030 .240.AAA#B000000 0x0070: 202d 6473 625f 7465 7374 3420 2d66 4945 .-dsb_test4.-fIE 0x0080: 4545 4920 4442 5041 5448 3d2f 2f74 6573 EEI.DBPATH=//tes 0x0090: 7434 5f74 6370 2043 4c49 454e 545f 4c4f t4_tcp.CLIENT_LO 0x00a0: 4341 4c45 3d65 6e5f 5553 2e38 3835 392d CALE=en_US.8859- 0x00b0: 3120 4e4f 4445 4644 4143 3d6e 6f20 434c 1.NODEFDAC=no.CL 0x00c0: 4e54 5f50 414d 5f43 4150 4142 4c45 3d31 NT_PAM_CAPABLE=1 0x00d0: 203a 4147 3041 4141 4139 6232 3441 4141 .:AG0AAAA9b24AAA 0x00e0: 4141 4141 4141 4141 4139 6332 396a 6447 AAAAAAAAA9c29jdG 0x00f0: 4e77 4141 4141 4141 4142 4141 4142 5041 NwAAAAAAABAAABPA 0x0100: 4141 4141 4141 4141 4141 6333 4673 5a58 AAAAAAAAAAc3FsZX 0x0110: 686c 5977 4141 4141 4141 4141 567a 6357 hlYwAAAAAAAAVzcW 0x0120: 7870 4141 414c 4141 4141 4177 414b 6447 xpAAALAAAAAwAKdG 0x0130: 567a 6444 5266 6447 4e77 4141 4272 4141 VzdDRfdGNwAABrAA 0x0140: 4141 4141 4141 6154 4141 4141 4141 4142 AAAAAAaTAAAAAAAB 0x0150: 746e 6457 5668 596d 5630 5958 4277 6448 tndWVhYmV0YXBwdH 0x0160: 4e30 4d44 6375 6332 7435 596d 5630 4c6d N0MDcuc2t5YmV0Lm 0x0170: 356c 6441 4141 4443 396b 5a58 5976 6348 5ldAAADC9kZXYvcH 0x0180: 527a 4c7a 4977 4141 4151 4c32 6876 6257 RzLzIwAAAQL2hvbW 0x0190: 5576 6447 6876 6258 427a 6232 3569 4141 UvdGhvbXBzb25iAA 0x01a0: 4275 4141 5141 4141 4153 4148 5141 4a51 BuAAQAAAASAHQAJQ 0x01b0: 4359 6c39 6b41 4143 6352 4142 7376 6233 CYl9kAACcRABsvb3 0x01c0: 4230 4c32 6c75 5a6d 3979 6257 6c34 4c32 B0L2luZm9ybWl4L2 0x01d0: 4a70 6269 396b 596d 466a 5932 567a 6377 Jpbi9kYmFjY2Vzcw 0x01e0: 4141 6677 00 AAfw.

You can see in bold both the user name and password.

Simple password encryption is easy to set up but, as we’ll see, the manual misses a step or two and a couple of hacks are needed to get this working. All the problems are at the client end and you won’t see them if you test the connectivity entirely within the server using a full engine install.

At the server end we need a concsm.cfg file, which by default lives in $INFORMIXDIR/etc/concsm.cfg but you can override with the easy to remember INFORMIXCONCSMCFG environment variable, which works in a similar fashion to INFORMIXSQLHOSTS.

My server concsm.cfg file contains the following:

SPWDCSM("/opt/informix_test4/lib/csm/libixspw.so", "", "p=1")

I also set up an additional sqlhosts entry:

test4_tcp_secure onsoctcp myserver 9101 csm=(SPWDCSM)

Finally I make sure test4_tcp_secure is listed as one of my DBSERVERALIASES in my onconfig and bounce the instance. Unfortunately I don’t think this parameter is dynamically configurable.

We can of course now test this all with the confines of the server and it will work!

Let’s move onto the client side where things are not quite as straightforward.

One of my mottos is that everyday is a school day and on one day last week I learnt that when you install the Informix server the gskit is installed for you. The gskit is mentioned in the machine notes for the Linux x86_64 release, for example:

14. Secure Sockets Layer


    IBM Informix Database Server uses the libraries and utilities provided by

    the IBM Global Security Kit (GSKit) for Secure Sockets Layer (SSL)

    communication. 
       a. Before uninstalling GSKit, verify that it is not needed on your

          system. It is possible that software other than Informix Database

          Server requires GSKit. Uninstall by identifying and removing GSKit

          packages using the command-line interface:
          Run rpm command with the -qa option to obtain a list of installed

          GSKit packages with their exact names.

          For example:

          rpm -qa | grep gsk
          As root user run the rpm command to remove each package as needed.

          For example:

          rpm -ev gskssl64-8.0.15.6 gskcrypt64-8.0.15.6 
       b. If you want to restore Secure Sockets Layer capability after you

          have uninstalled GSKit, see the readme file in $INFORMIXDIR/gskit

          for how to install GSKit.
15. Simple Password Communications Support Module

The name of the IBM Informix shared library for Simple Password CSM on Linux is libixspw.so.

I’ve also drawn attention to point 15, in case this is different on your platform.

The machine notes led me to check this (still on the server):

> rpm -qa | grep gsk gskssl32-8.0-15.6.i386 gskcrypt32-8.0-15.6.i386 gskcrypt64-8.0-50.10.x86_64 gskssl64-8.0-50.10.x86_64

At the client end I am using Client SDK 3.70.FC8DE. The set up steps are very similar to the server:

Create a concsm.cfg file, optionally using the INFORMIXCONCSMCFG variable.
Add a sqlhosts entry, similar to the server.

The concsm.cfg file on the client end is different to that on the server and reflects the different path to the libixspw.so file:

SPWDCSM("/opt/informix/lib/client/csm/libixspw.so", "", "p=1")

However on the client side it may be necessary to manually install the gskit. It is simple to do, run as user root:

$INFORMIXDIR/gskit/installgskit

This step isn’t obviously documented anywhere. I had to resort to strace on dbaccess to find what was wrong when my connection didn’t work:

open("/lib64/tls/libgsk8ssl_64.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib64/libgsk8ssl_64.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libgsk8ssl_64.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib64/libgsk8ssl_64.so", O_RDONLY) = -1 ENOENT (No such file or directory) munmap(0x7fc5d5299000, 40473) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV (core dumped) +++ Segmentation fault (core dumped)

The above gave me enough clues to find references to the gskit in the manual and fix the problem.

There is another gremlin as well and without this fix you will see unhelpful error messages like this when using dbaccess:

14581: Cannot open file 'css.iem'.

It turns out it’s necessary to add links to some of the language files, which have different names when distributed with Client SDK to the server.

The above error message can be fixed on the client by doing the following:

cd $INFORMIXDIR/msg/en_us/0333 ln -s ccss.iem css.iem

IBM Informix support also pointed out that this is needed too:

ln -s ccsm.iem csm.iem

It turns out these steps are necessary only for dbaccess and not for applications using IConnect. Hopefully these will be fixed in a future Client SDK version.

Lastly a repeat of my tcpdump test with an encrypted password:

0x0000: 4500 01e7 2471 4000 4006 9538 ac10 936a E...$q@.@..8...j 0x0010: ac10 93dc a457 238d 3bd6 ab8f e3a9 caed .....W#.;....... 0x0020: 8018 0073 1b2e 0000 0101 080a 4418 8fe2 ...s........D... 0x0030: f8d4 fb61 7371 4161 3842 5051 4141 7371 ...asqAa8BPQAAsq 0x0040: 6c65 7865 6320 7465 7374 5f75 7365 7220 lexec.test_user. 0x0050: 2039 2e32 3430 2041 4141 2342 3030 3030 .9.240.AAA#B0000 0x0060: 3030 202d 6473 625f 7465 7374 3420 2d66 00.-dsb_test4.-f 0x0070: 4945 4545 4920 4442 5041 5448 3d2f 2f74 IEEEI.DBPATH=//t 0x0080: 6573 7434 5f74 6370 5f73 6563 7572 6520 est4_tcp_secure. 0x0090: 434c 4945 4e54 5f4c 4f43 414c 453d 656e CLIENT_LOCALE=en 0x00a0: 5f55 532e 3838 3539 2d31 204e 4f44 4546 _US.8859-1.NODEF 0x00b0: 4441 433d 6e6f 2043 4c4e 545f 5041 4d5f DAC=no.CLNT_PAM_ 0x00c0: 4341 5041 424c 453d 3120 3a41 4730 4141 CAPABLE=1.:AG0AA 0x00d0: 4141 3962 3234 4141 4141 4141 4141 4141 AA9b24AAAAAAAAAA 0x00e0: 4141 3963 3239 6a64 474e 7741 4141 4141 AA9c29jdGNwAAAAA 0x00f0: 4141 4241 4141 4250 4141 4141 4141 4141 AABAAABPAAAAAAAA 0x0100: 4141 4163 3346 735a 5868 6c59 7741 4141 AAAc3FsZXhlYwAAA 0x0110: 4141 4141 4156 7a63 5778 7041 4141 4c41 AAAAAVzcWxpAAALA 0x0120: 4141 4141 7741 5264 4756 7a64 4452 6664 AAAAwARdGVzdDRfd 0x0130: 474e 7758 334e 6c59 3356 795a 5141 4161 GNwX3NlY3VyZQAAa 0x0140: 7741 4141 4141 4141 4c43 6a41 4141 4141 wAAAAAAALCjAAAAA 0x0150: 4141 625a 3356 6c59 574a 6c64 4746 7763 AAbZ3VlYWJldGFwc 0x0160: 4852 7a64 4441 334c 6e4e 7265 574a 6c64 HRzdDA3LnNreWJld 0x0170: 4335 755a 5851 4141 4177 765a 4756 324c C5uZXQAAAwvZGV2L 0x0180: 3342 3063 7938 794d 4141 4145 4339 6f62 3B0cy8yMAAAEC9ob 0x0190: 3231 6c4c 3352 6f62 3231 7763 3239 7559 21lL3Rob21wc29uY 0x01a0: 6741 4162 6741 4541 4141 4145 6742 3041 gAAbgAEAAAAEgB0A 0x01b0: 4355 416d 4a66 5a41 4141 6e45 5141 624c CUAmJfZAAAnEQAbL 0x01c0: 3239 7764 4339 7062 6d5a 7663 6d31 7065 29wdC9pbmZvcm1pe 0x01d0: 4339 6961 5734 765a 474a 6859 324e 6c63 C9iaW4vZGJhY2Nlc 0x01e0: 334d 4141 4838 00 3MAAH8.

The password has gone. Where has it gone? It’s a bit hard to say given it’s now encrypted but having checked the tcpdump for the entire session I am sure that:

It is not sent in the clear.
We are not authenticating by hosts.equiv or any other passwordless means.
Sending the wrong password leads to a log on failure.

Auditing and onaudit

Posted: 21 July, 2015 | Author: Ben Thompson | Filed under: Compliance, Monitoring | Tags: audit, compliance, IC89645, informix, IT08812, onaudit, PCI-DSS | Leave a comment

Compliance is one of those things you can hardly ignore as a DBA these days. Whether it’s a PCI-DSS, financial or internal best practice audit, at some point someone is going to ask you whether you are using database auditing. In my experience the auditors struggle to ask Informix specific questions but this is one that always comes up.

I guess there are three answers to this question:

Yes, we use database auditing.
No we don’t use Informix auditing but we have a third party solution somewhere else in the stack that means someone else worries about it.
Can we have a compensating control, please?

Rarely I find that auditors are too concerned about the detail of what you’re actually auditing. If you can log in, do some stuff and show them that this resulted in some messages in the audit log, they are usually happy. They are usually more concerned about where the logs go, who can read them and so on.

While the auditors are clearly not Informix DBAs familiar with all the auditing pneumonics, they are not daft and know they can take most of what they asked for granted next year and ask more probing questions next time.

So should you look at onaudit for your requirements? It’s been around a long time but I expect it may see a pick up in interest as more and more systems take payments in one way or another. In some ways it could do with some updates. Integration with syslog, allowing easy upload to a centralised question, is needed. There is an RFE open for this (id 58678). It’s not mine but it had six votes when I last checked and it deserves more!

Positives about onaudit include:

It’s free with all editions.
Provided you stay away from selective row auditing (I don’t cover this in this blog post) and don’t try to audit much or any of what your application does the overhead is negligible.
It gives you as a DBA a clearer idea of what is happening on your system.

So I think it’s certainly worthy of consideration. I know some customers prefer security solutions external to the database like Guardium but these are costly. I don’t know much about them so I shall leave that thought there.

Auditing needs to be part of a more general secure framework. If everyone at your site logs in as user informix or any shared account, the worst case being the same account as your application, it’s not going to be as useful. Applying rules by user will be difficult or impossible.

Some sites I’ve seen let DBAs do all their work as user informix. It definitely saves developing a more secure framework for DBAs to work in (this is not a good thing!) but has disadvantages. Even if you avoid shared passwords by using sudo to informix (on UNIX) having logged in as yourself, you’d need then to cross-check with the secure logs on your server to see who it was and if two people have escalated privileges at the same time it can be tricky to distinguish their actions. Ideally you need DBAs and every other real person working under their own user ids as much as possible.

To work as a DBA without access to the informix account you simply add yourself to the same group as the group owning the $INFORMIXDIR/etc folder and grant yourself dba in any databases you need to do DDL in, plus sysmaster, sysadmin, sysutils, sysha and sysuser but it still presents the following challenges which may require specific sudo type solutions:

Starting an instance; stopping one is no problem.
Running xtrace and certain oncheck commands.

Additionally as a DBA you may need root access occasionally for installations, upgrades and to use debuggers.

So before you even start there are some highly desirable prerequisites:

Your applications use their own account or (ideally) accounts and real users cannot run ad-hoc sessions using these.
Real users don’t use shared accounts (and especially not shared passwords). This means locking down the informix account.
DBAs practise what they preach and administer the system under their own accounts as much as possible.

Getting this far can be a struggle but even if you’re only some of the way there, you can still proceed.

The next step is consider whether to install Informix with role separation. I’m not going to discuss this at length so I’ll point to the documentation. There are no real gotchas here: it works pretty much as it says on the tin. The key idea is that it separates the DBAs from the people who decide what should be audited and who can see the audit trail. In practice I think total separation is impossible because the people deciding what should be audited need to understand the impact on the system of what they audit and the volume of data this produces. It is certainly possible to slow a system down by auditing every update.

So you’re now ready to switch on auditing? Nearly. If you monitor your system via onstat or have scripts which call onmode, ‘onmode -c [un]block’ being a specific example where care is required, you need to be aware that in all but the latest Informix releases, this includes right up to 12.10.FC5W1, as soon as you switch on auditing your onstat and onmode commands will run more slowly. This can also affect admin API command equivalents and not just the ones which are direct equivalents for onmode. The situation can get quite bad when lots of these commands run at the same time, leading to significant delays in the response from these commands.

Fortunately there are some fixes for this:

IC89645

TURNING ON THE AUDITING LEVEL 1 ADDS AN UNNECESSARY DELAY TO ONSTAT AND ONMODE COMMANDS

This has been around for a while and appeared in 11.70.FC7W1. However it is not very effective and only eliminates the delay if the volume of onstat commands being run on your system is low.

IT08812

TURNING ON THE AUDITING LEVEL 1 ADDS AN UNNECESSARY DELAY TO ONSTAT & ONMODE COMMANDS

This is completely effective and means that onstat and onmode behave identically to when auditing is switched off but it only works if you do not have any audit masks which log the use of these commands.

There are workarounds for the auditing delay such as using sysmaster equivalents for the onstat commands and performing onstat commands inside an onstat -i interactive session.

Finally you’ll want to consider setting up some audit masks. I take the following approach to this:

_require mask
: This mask defines the minimum events to be audited for all users. I put everything that’s common in here.
_default mask: If an account is not assigned a specific mask, it will pick up all the events in there. To avoid having to assign masks to all real users, I don’t assign them any mask and then they automatically inherit this one (in addition to what is in the _require mask).
Other masks: For my applications and other accounts needing special treatment, I create a custom mask and assign it to the user.

Finally if you’re feeling brave switch auditing on with some commands like:

onaudit -p /path/to/audit/trail onaudit -s 1048576 # 1 Mb files onaudit -e 0 onaudit -l 1

Now there is just that application security model for you to tackle.

Good luck and may you sail through your audits!

Large parallel index builds and temp space

Posted: 7 July, 2015 | Author: Ben Thompson | Filed under: Instance and operating system tuning, SQL query tuning, Storage schema management | Tags: informix, parallel index build, temp space | Leave a comment

This is a quick post about parallel index builds. Today I was building with PDQPRIORITY a unfragmented detached index on a large table fragmented by range with ten large fragments and I saw this message in the online log:

10:28:53 WARNING: Not enough temp space for parallel index build. Space required = 110566014 pages; space available = 8385216 pages. Partial index build started.

You can see I am quite a long way short of the temp space required here; I need just over thirteen times more.

In this instance I have eight temporary dbspaces available and all are listed in the DBSPACETEMP onconfig parameter and I have no local override. They are all 2 Gb and using a 16 kb page size so have 131072 pages each and, as I am in single user mode, I know they are all free. onstat -d confirms that 131019 pages of 131072 are free in each of them. In case it’s relevant I also have 1,027,203 2 kb pages free in rootdbs.

The first thing that confuses me is the 8,385,216 pages the online log message says are available, which is more than I actually have. 131019 * 8 = 1048152. I think this is a bug as it’s a factor of 8 out. It’s probably assuming a 2 kb page size somewhere and my 16 kb dbspaces are a 8x multiple of this. I am using Linux so is Informix using native page size units and just not making it clear?

The index I am creating is on a bigint field and there are 7,076,224,823 rows. If I assume 110,566,014 pages actually means 210 Gb, the engine is calculating 32 bits/row or 4 bytes/row exactly which sounds right.

Anyway despite the message in the online log I am comforted by this IBM support article which tells me:

You do not have to take action. This is a warning. The database server will create the index one fragment at a time, instead of all at once.

However, it does advise me that cancelling the statement, adding more temp space and starting again would be a good idea. This is prescient as we’ll see.

Analysing this now it is probably going to fail somewhere because I need thirteen times more space but the engine can only divide the workload by working on a single fragment at a time. There are ten and they are not all exactly the same size. In fact my largest fragment has 1,950,612,068 rows, 27% of the total and based on 4 bytes/row the largest fragment I can handle would have only 536,653,818 rows. I suspect this means to succeed I will need at least 30,478,314 2 kb pages available to complete the build. I hope this all makes sense anyway!

Foolhardily and possibly because I get distracted by something I leave it to run. More messages appear in the log as the build progresses:

11:22:33 WARNING: Not enough temp space for parallel index build. Space required = 110566014 pages; space available = 8385216 pages. Partial index build started. 12:19:28 WARNING: Not enough temp space for parallel index build. Space required = 110566014 pages; space available = 8385216 pages. Partial index build started. 13:27:03 WARNING: Not enough temp space for parallel index build. Space required = 110566014 pages; space available = 8385216 pages. Partial index build started. 13:47:56 Session Insufficient space in temporary dbspaces: Creating the temporary table in the root dbspace, Temporary table size is 17632 pages.

Nearly four hours after it began at 14:27:41 my index build fails with:

212: Cannot add index. 179: ISAM error: no free disk space for sort

Harumph.

I guess there are two annoying things about this:

The support article is only right if your largest fragment will not require more space than is available.
The failure could have been foreseen at the beginning by looking at row counts.

Anyway, I hope this helps. If I get time I will do some more testing on this to confirm some of the assumptions I have made in writing this article. Feedback is welcome as ever (via https://informixdba.wordpress.com for those of you reading this on PlanetIDS)!

Experience with Auto Update Statistics (AUS)

Posted: 30 April, 2015 | Author: Ben Thompson | Filed under: Instance and operating system tuning, Monitoring, SQL query tuning | Tags: AUS, Auto Update Statistics, AUTO_STAT_MODE, DBUPSPACE, IC91678, PSORT_DBTEMP, PSORT_NPROCS, STATCHANGE, USTLOW_SAMPLE | 1 Comment

Introduction

This is based on my previous blog post, Working with auto update statistics which I’ve expanded and significantly improved. I presented this at the Informix International User Group Conference 2015.

Let’s start at the beginning. Why do we run UPDATE STATISTICS at all? When we write an SQL query and send it to the database engine to execute, there may be several ways that the engine can run the query. For example if there are two tables the engine can start with the first table and join the second to it or begin with the second and join the first. There may be also two filter conditions, one of which may very specific and pick out only a few rows; the other may be very general. It should be apparent that some ways are more efficient than others, sometimes by several orders of magnitude.

Informix uses a cost-based optimizer to determine how to run queries. This relies on metadata to provide information about how large tables are, how many distinct values there are and other information about your data. We call these pieces of information statistics and if we also have a histogram of a column showing the abundance of specific values or ranges we call this a distribution.

The optimizer looks at possible query plans and chooses the one with the lowest costs assigned to it, according to the statistics and distributions. This may or may not be the best plan possible; if not you may see poor performance. Inaccurate cost predictions could be because your statistics are inadequate or out of date.

Maintaining the statistics and distributions is a key DBA responsibility.

What statistics and distributions should you maintain? The purpose is to ensure the optimizer selects the most efficient query plan for your queries.

These query plans should be stable over time. Normally stability is achieved through not changing things: this is why your Change Manager likes to say no (sometimes). However, with UPDATE STATISTICS stability comes from regularly refreshing your statistics and distributions: this is a change to your system you may be doing daily.

A slide from my presentation to the IIUG 2015 Conference.

What statistics do you need? The Informix Performance Guide offers a general set of recommendations. However:

They may be more than you need and therefore more to maintain, which could be a headache with a large system.
In some specific cases they may not be good enough. The result of this can be an application codebase full of query directives (instructions to the optimizer to run queries in a particular way).
The guide doesn’t say much about how frequently you should run UPDATE STATISTICS.

Statistics and distributions

Statistics	Distributions
Updated by UPDATE STATISTICS [LOW]. systables: nrows: number of rows. npused: number of pages used on disk. ustlowts: when UPDATE STATISTICS was last run. syscolumns: for indexed columns only: colmin: the second lowest value. colmax: the second highest value. sysindices: levels: number of B-Tree levels. leaves: number of leaves. nunique: number of unique values in the first column. clust – incremented when values in the index are different to the last: max value is the number of rows; a low number indicates lots of duplicates. nrows: number of rows. ustlowts: when UPDATE STATISTICS was last run. ustbuildduration: time to build index statistics.	Updated by UPDATE STATISTICS MEDIUM or HIGH. Consist of histograms for values or value ranges in equally sized buckets in sysdistrib. Fragment-level statistics are stored in sysfragdist.

Statistics

Distributions

Updated by UPDATE STATISTICS [LOW].
systables:
- nrows: number of rows.
- npused: number of pages used on disk.
- ustlowts: when UPDATE STATISTICS was last run.
syscolumns: for indexed columns only:
- colmin: the second lowest value.
- colmax: the second highest value.
sysindices:
- levels: number of B-Tree levels.
- leaves: number of leaves.
- nunique: number of unique values in the first column.
- clust – incremented when values in the index are different to the last: max value is the number of rows; a low number indicates lots of duplicates.
- nrows: number of rows.
- ustlowts: when UPDATE STATISTICS was last run.
- ustbuildduration: time to build index statistics.

Updated by UPDATE STATISTICS MEDIUM or HIGH.
Consist of histograms for values or value ranges in equally sized buckets in sysdistrib.
Fragment-level statistics are stored in sysfragdist.

Auto Update Statistics (AUS) basics

Auto Update Statistics (AUS) consists of two database scheduler jobs. These are stored in the sysadmin database in table ph_task with configuration settings in ph_threshold.

Auto Update Statistics Evaluation: This calls a set of stored procedures which populate the sysadmin:aus_command table with a prioritized list of UPDATE STATISTICS commands to run. The code for these procedures is in $INFORMIXDIR/etc/sysadmin/sch_aus.sql
Auto Update Statistics Refresh: This is a UDR that does the work of calling the UPDATE STATISTICS commands. In older versions this was done with SPL code. Auto Update Statistics Refresh cannot be called even manually without the database scheduler running.

If your instance has a stop file ($INFORMXDIR/etc/sysadmin/stop) to prevent the scheduler initialising with the instance you must remove it. Before you do so it’s a good idea to review which jobs are enabled (tk_enable='t') in the ph_task table. (Using a stop file is a bad idea with 12.10 because running without the scheduler stops some system processes from functioning, so if you’re doing this, you ought to change it even if you don’t want to use AUS.)

One advantage of AUS is that it works on all of your databases, including sysmaster.

Instance parameters affecting UPDATE STATISTICS

Three onconfig parameters affect statistics maintenance, independently of the tool you use to update statistics:

Parameter	Description
AUTO_STAT_MODE	Controls whether to only update statistics or distributions the engine considers stale when running UPDATE STATISTICS.
STATCHANGE	Controls the percentage change beyond which statistics are considered stale if AUTO_STAT_MODE is enabled. This can be overridden at table level.
USTLOW_SAMPLE	Whether to use sampling for UPDATE STATISTICS LOW.

AUS specific parameters

AUS’s configuration settings stored in ph_threshold work independently of these system level settings.

These can be updated via SQL without using OpenAdmin Tool:

UPDATE sysadmin:ph_threshold SET value='0' WHERE name='AUS_CHANGE';

Parameter	Description
AUS_AGE	The number of days after gathering statistics that they are considered stale.
AUS_CHANGE	Prioritises tables based on the percentage of rows that have changed. This is not to be confused with STATCHANGE.
AUS_PDQ	The PDQPRIORITY to use while updating statistics. If you are using workgroup edition set this to 0 to avoid annoying messages in the online log about not being allowed to use PDQ.
AUS_SMALL_TABLES	The small table row threshold. These tables are considered volatile and updated on every run.
AUS_RULES	0 When set to zero, AUS updates any existing distributions only and won’t ensure that a minimum set of distributions exists according to rules. This allows you more fine-grained control of what you maintain. Be aware that creating an index automatically builds HIGH mode distributions on leading columns with data so if you don’t want these you would need to drop them. 1 Where no existing distributions exist, AUS will create: HIGH mode distributions on all leading index columns. MEDIUM mode distributions on other indexed columns. For most systems ‘1’ is the value you should use. If in doubt, use this.

You’ll notice in the description for AUS_RULES=1 that AUS does not automatically generate any distributions on non-indexed columns. However it will maintain any existing distributions regardless of the value of AUTO_AUTO_RULES, even if AUS wouldn’t have created them if they didn’t exist.

Non-indexed columns and distributions

If you are migrating from dostats you will have MEDIUM mode distributions on all non-indexed columns. It’s possible to drop these on individual columns using:

UPDATE STATISTICS LOW FOR TABLE <tab name> (<colname>) DROP DISTRIBUTIONS ONLY;

I’d test before doing anything like this so you may just choose to leave them in and let AUS maintain them. If UPDATE STATISTICS MEDIUM doesn’t take very long on your system this is probably the best choice.

Are these distributions important? My answer is that it depends but, more often than not, no. The Informix Performance Guide recommends you have them but this is just a general recommendation. At this point it’s important not to lose sight of the fact that the goal is not to have the most comprehensive, high-resolution and up to date statistics possible; it is to ensure you can guarantee that your queries always run efficiently. Given that we can’t be updating statistics and distributions on all columns all of the time some compromises are inevitable.

Often when running a query the main risk is the optimizer choosing to use sequential scans instead of an index. This risk is greatly reduced, if not eliminated, if the onconfig parameter OPTCOMPIND is set 0. The downside of this is that the optimizer won’t select a sequential scan when it is the best query plan available unless there are no other options.

In general distributions on a column are more useful if there is some skew in the data. However be aware that for non-indexed columns syscolumns.colmin and syscolumns.colmax are never populated by UPDATE STATISTICS LOW so the optimizer is truly blind about the data ranges without a distribution.

I’m going to run through an example now using this table:

people table			indices
person_id	serial	not null	ix_people1	(person_id)
name	varchar(254)	not null	ix_people2	(age)
gender	char(1)	not null
age	int	not null

The table will be populated with random ersatz data as follows:

1 million rows.
Ages evenly distributed between 5 and 84.
75% female, 25% male.

I’ll be running this query:

SELECT name FROM people WHERE age BETWEEN 18 AND ? AND gender=?

And tweaking these parameters:

Upper age limit in the query.
Gender in the query.
Whether I have a medium mode distribution on gender.
The value of OPTCOMPIND in the onconfig.

My results were as follows:

Upper age	Gender	Actual rows returned	Medium mode distribution on gender?	OPTCOMPIND	Estimated rows	Estimated cost	Plan
25	f	74817	No	0	9988	21104	Index path
			No	2	9988	21104	Index path
			Yes	0	75539	21104	Index path
			Yes	2	75539	21104	Index path
25	m	25061	No	0	9988	21104	Index path
			No	2	9988	21104	Index path
			Yes	0	24539	21104	Index path
			Yes	2	24539	21104	Index path
30	f	121748	No	0	16232	38477	Index path
			No	2	16232	33923	Sequential scan
			Yes	0	122439	38477	Index path
			Yes	2	122439	33923	Sequential scan
30	m	40572	No	0	16232	38477	Index path
			No	2	16232	33923	Sequential scan
			Yes	0	39881	38477	Index path
			Yes	2	39881	33923	Sequential scan

What conclusions can we draw from this example?

OPTCOMPIND was a determining factor, not the presence of a medium mode distribution on gender.
Having the distribution gave a much better estimate of the number of rows returned.
The optimizer never used a different plan for the male or female queries.

Of course this is one example and you may have some different ones.

Columns with incrementing values

Let’s illustrate a different point with another example.

Maintaining distributions on any sort of log or journal where there is a timestamp field can be a problem. The highest value in your distribution is wrong almost immediately after calculating it because new rows are being added all the time with later timestamps. This means that if you do a query over recently added data your distributions may tell the optimizer that there’s no data.

ledger table			indices
line_id	serial	not null	ix_ledger1	(line_id)
account_id	int	not null	ix_ledger2	(account_id, creation_time)
creation_time	datetime year to second	not null	ix_ledger3	(creation_time)
			ix_ledger4	(account_id)

for_processing table			indices
line_id	int	not null	ix_fp1	(line_id)
creation_time	datetime year to second	not null	ix_fp2	(creation_time)

Both of these tables have over 1 million rows and new rows being added continuously.

I am going to run this query:

SELECT  FIRST 5  l.line_id, l.creation_time  FROM  ledger l,  for_processing f  WHERE  f.line_id = l.line_id AND  l.account_id = 50 AND  f.creation_time BETWEEN  '2015-02-02 17:00:00' and '2015-02-02 21:00:00';

There are two conceivable ways to run this query:

Use the index on creation_time on for_processing, join to the ledger table on line_id and then filter on the account_id column.
Use the index on account_id on the ledger table, join by line_id and then filter on the creation_time column.

The risk with the first one is that a lot of rows are read, only to eliminate the vast majority of them when the account_id criterion is applied.

The optimizer may prefer to drive off creation_date, particularly if the distribution indicates there are no data past the time the distribution was gathered. This is because it believes (wrongly) that selecting from a date range in the for_processing table where it believes there is no data at all, avoiding the need to do any work, is more efficient than selecting out an account from the ledger and then joining the for_processing table.

This can be very slow for large date ranges. This is particularly true when there are a large number of accounts.

Can AUS help you here? Not really, this example is more to point out a danger. The risk of running into a problem like this can be massively increased if you use the default STATCHANGE value of 10. This is because here it is the age of the distributions that matters, not how much the data has changed.

My recommendation is:

In your onconfig either:

set AUTO_STAT_MODE to 0.

Or set STATCHANGE to 0 if AUTO_STAT_MODE is 1.

If there are tables for which this is not appropriate, do so at the table level:

ALTER TABLE <tabname> STATCHANGE <percent>;

In my view restricting updates only when there have been absolutely no changes is the only safe way.

There is an undocumented feature that can help here:

IC91678: Informix optimizer vulnerable to poor query response on incrementing columns.

However the fix is not switched on unless you set onconfig parameter: SQL_DEF_CTRL 0x2. This can be switched on dynamically with onmode -wm. With this switched on, date/time distributions are effectively extended into the future by up to 30 days. While the answer to the question how old can my statistics and distributions be is nearly always it depends, with this switched on there is a hard limit.

In Informix 12.10.FC5 the fix is included and is now the default behaviour.

The date or datetime column concerned must have a default value of TODAY or CURRENT. The code also compares the last timestamp in the distribution with the time the distribution was gathered. The two must be close together to activate the feature.

This fix also works on serial, serial8 and bigserial fields.

This feature is a little tricky to test because you must:

Populate the tables with a large volume of data.
Update the distributions.
Add some more data with later timestamps.
Wait a while!

Here are my results:

	Date range
	Within the distribution bounds	Beyond the distribution upper bound	Beyond the distribution upper bound with IC91678
Query drives off	account_id	creation_time	account_id
Costs: lead with account_id	264	398	398
Costs: lead with creation_time	79004	4	398
Estimated rows	20	1	1
Actual rows	10	1	1

Wildcard queries and insufficient distribution resolution

Another problem you may have with the standard distributions created by UPDATE STATISTICS HIGH is insufficient resolution. By default the data are divided into 200 equal-sized buckets (resolution 0.5) and this may not suffice for some wildcard queries. The optimizer may be grossly wrong in its estimates for the number of rows returned and this can be improved by increasing the number of buckets.

customer table			indices
customer_id	serial	not null	ix_customer1	(customer_id)
user_name	varchar(50)	not null	ix_customer2	(user_name)

Again this table will be populated with random ersatz data as follows:

9 million rows.
This gives a distribution bucket size of 45000 with 0.5 resolution.

And my query:

SELECT FIRST 1000 customer_id, user_name FROM customer WHERE user_name LIKE 'BAN%' ORDER BY customer_id;

Look at the query carefully. It’s the sort of query you might get from a web customer search form. The ORDER BY on customer_id is important because it gives the engine the option of avoiding sorting any data if this index is used to select the data. If the optimizer thinks the user_name criterion is not very selective, i.e. there are a lot more than 1000 customers whose user name begins with the letters BAN and it will find them quickly without reading many rows, it may prefer this query plan.

There are two credible plans for this query:

Use the index on user_name, read all the rows it points to and then sort on customer_id, return the first 1000.
Use the unique index on customer_id, read the rows it points to, filter, stop at 1000 rows. This plan does not require a sort.

There is a third option of scanning the entire table but it’s unlikely the optimizer will choose this.

Let’s look at the results of running this query with a standard HIGH mode distribution on customer_name, a second distribution with ten times the resolution and no distribution at all.

	Distribution
Variable	HIGH 0.5 resolution	HIGH 0.05 resolution	No distributions
Selected index (no directive)	customer_id	customer_name	customer_id
Costs: lead with customer_id	3480	313249	174
Costs: lead with user_name	567525	1214	12435040
Estimated rows	90000	1000	1800000
Actual rows	1028	1028	1028

This example is real but also carefully selected because different three letter combinations may give different and more sane results, even with the standard distribution resolution.

If instead I run this query:

SELECT FIRST 1000 customer_id, user_name FROM customer WHERE user_name LIKE 'TDM%' ORDER BY customer_id;

I get:

	Distribution
Variable	HIGH 0.5 resolution	HIGH 0.05 resolution	No distributions
Selected index (no directive)	customer_name	customer_name	customer_id
Costs: lead with customer_id	135723	313249	174
Costs: lead with user_name	2909	1214	12435040
Estimated rows	2308	1000	1800000
Actual rows	801	801	801

AUS makes maintaining custom resolutions (or confidence levels with UPDATE STATISTICS MEDIUM) very easy. Simply run UPDATE STATISTICS manually to gather the desired distribution. AUS will maintain this resolution for you.

How frequently should I run UPDATE STATISTICS?

A common question a DBA may ask is how often is it necessary to UPDATE STATISTICS? A straightforward if unhelpful answer is often enough to ensure efficient query plans. More specifically:

On tables without columns with incrementing values, by which I mean that new values lie inside the range of the existing data, or where these columns are not used in the selection criteria for queries, it may be safe to use STATCHANGE (with AUTO_STAT_MODE) to regulate the frequency based on percentage change at the table level.
With incrementing values the working set can quickly get beyond the min/max values in the statistics or distributions. Here I’d recommend being much more aggressive and update based on age, regardless of the volume of change. This especially applies to your distributions.

If your system is small enough that you can run a full UPDATE STATISTICS every day there is no harm in doing this. It is probably overkill but it is one way of playing safe. To do this set AUS_CHANGE to 0 and make sure both the scheduler and the evaluator run daily. For larger systems you do need to be more selective about how often you run UPDATE STATISTICS.

Monitoring AUS

Does AUS just work? Well yes, it was aimed at the embedded market and it is pretty robust. On a larger system there is more to go wrong and so I’d recommend you check that:

the parameters are set correctly (in case they change if you rebuild the sysadmin database, for example).
there are no errors running UPDATE STATISTICS.
all statistics and distributions are sufficiently up to date.
the window you give the refresh job to run in is long enough.

Check	Notes
Correct parameters	Job scheduler running and dbScheduler thread exists. Evaluator and refresh tasks are enabled and have the expected schedules. AUS_AGE, AUS_CHANGE, AUS_AUTO_RULES, AUS_PDQ and AUS_SMALL_TABLES set correctly.
No errors	No errors reported in the aus_command table (`aus_cmd_state='E'`).
Statistics and distributions sufficiently up to date	Query system tables to get the age of statistics and distributions. Fairly complex check, particularly if using STATCHANGE>0. Then need to consider ninserts, nupdates and ndeletes columns. Statistics: Find tables where systables.ustlowts older than your threshold and then check whether it is in the result set of this SQL: SELECT {+ORDERED} st.tabname FROM sysdistrib sd, systables st, sysmaster:sysptnhdr sp WHERE sd.tabid = st.tabid AND st.partnum = sp.partnum AND sd.tabid > 99 AND st.ustlowts > <days old> AND (sp.ninserts - sd.ninserts) + (sp.nupdates - sd.nupdates) + (sp.ndeletes - sd.ndeletes) > 0 AND ( st.statchange IS NOT NULL AND ( st.statchange = 0 OR ((sp.ninserts - sd.ninserts) + (sp.nupdates - sd.nupdates) + (sp.ndeletes - sd.ndeletes))/st.nrows100 > st.statchange ) OR ( st.statchange IS NULL AND ( <onconfig STATCHANGE parameter> = 0 OR ((sp.ninserts - sd.ninserts) + (sp.nupdates - sd.nupdates) + (sp.ndeletes - sd.ndeletes))/st.nrows100 > <onconfig STATCHANGE parameter>) ) ) GROUP BY st.tabname UNION SELECT {+ORDERED} st.tabname FROM sysdistrib sd, systables st, sysfragments sf, sysmaster:sysptnhdr sp WHERE sd.tabid = st.tabid AND st.tabid = sf.tabid AND sf.partn = sp.partnum AND sd.tabid > 99 AND st.statchange is not null AND sf.fragtype='T' AND st.ustlowts > <days old> GROUP BY st.tabname HAVING (SUM(sp.ninserts) - AVG(sd.ninserts)) + (SUM(sp.nupdates) - AVG(sd.nupdates)) + (SUM(sp.ndeletes) - AVG(sd.ndeletes)) > 0 AND ( MIN(st.statchange) = 0 OR (SUM(sp.ninserts) - AVG(sd.ninserts)) + (SUM(sp.nupdates) - AVG(sd.nupdates)) + (SUM(sp.ndeletes) - AVG(sd.ndeletes))/AVG(st.nrows)100 > MIN(st.statchange) ) Distributions: SELECT DISTINCT tabname, colname, TODAY - sd.constr_time st.nrows FROM sysdistrib sd JOIN systables st ON (sd.tabid = st.tabid) JOIN syscolumns sc ON (sd.tabid = sc.tabid AND sd.colno = sc.colno) JOIN sysmaster:sysptnhdr sph ON (sph.partnum = st.partnum) WHERE sd.tabid > 99 AND (sph.ninserts - sd.ninserts) + (sph.nupdates - sd.nupdates) + (sph.ndeletes - sd.ndeletes) > 0 AND ( st.statchange IS NOT NULL AND ( st.statchange = 0 OR ((sph.ninserts - sd.ninserts) + (sph.nupdates - sd.nupdates) + (sph.ndeletes - sd.ndeletes))/st.nrows100 > st.statchange ) OR ( st.statchange IS NULL AND ( <onconfig STATCHANGE parameter> = 0 OR ((sph.ninserts - sd.ninserts) + (sph.nupdates - sd.nupdates) + (sph.ndeletes - sd.ndeletes))/st.nrows*100 > <onconfig STATCHANGE parameter>) ) ) AND (TODAY - DATE(sd.constr_time)) >= <days old> ORDER BY 4, 3 DESC
Long enough window in which to run commands	No pending commands at the end of the refresh task window (`aus_command.aus_cmd_state='P'`);

UPDATE STATISTICS FOR PROCEDURE

How does AUS deal with stored procedure plans as stored in sysprocplan? Well it doesn’t directly and does not call UPDATE STATISTICS FOR PROCEDURE [procname].

My take on this is that routines referencing updated tables will be recompiled anyway the first time they are called immediately after running UPDATE STATISTICS. On a busy OLTP system this will probably happen before you have chance to update procedure plans manually. If you do have reason to do this, you will need to do it manually and if you do don’t set PDQPRIORITY.

If your system does have dead time there may be a small advantage to running this but I don’t think it really matters that much.

Method for running UPDATE STATISTICS [LOW]

Let’s now look at how AUS actually calls UPDATE STATISTICS. As discussed earlier the evaluation task creates a list of commands to run and these are run by the refresh task exactly as you see them when you query the aus_command table.

Let’s start by considering UPDATE STATISTCS [LOW].

AUS simply calls UPDATE STATISTICS [LOW] as one command without specifying any column names and I have seen it suggested that this is a bad thing (I don’t agree). The popular alternative, dostats, runs UPDATE STATISTICS LOW separately for each index key. Performance-wise there is not as much difference as you might expect, I suspect this is because data tend to be in the buffer cache on repeated calls. But is there any difference to the end result?

Using Informix 11.70.FC7W1 I performed the following test:

Created two identical empty tables with twelve indices and loaded both with the same data.
Ran AUS on one, dostats on the other.
Unloaded and compared systables, syscolumns and sysindices for both tables.

Apart from tabid, tabname, index names and build times, the unloads were identical. My conclusion is that is no difference and AUS is slightly faster because it is done with one command in a single pass.

Performance of UPDATE STATISTICS [LOW]

In terms of performance there is actually very little you can do to influence the speed of UPDATE STATISTICS LOW. The parameters DBUPSPACE, PSORT_NPROCS and even PDQPRIORITY have no effect.

Setting USTLOW_SAMPLE in the onconfig file is the only performance optimisation available apart from general server tuning.

It is supposed to be possible to get parallel scan threads for all fragmented indices when PDQPRIORITY is set to at least 10 but I can’t reproduce this. This only works with USTLOW_SAMPLE is switched off.

Performance of UPDATE STATISTICS MEDIUM or HIGH

For UPDATE STATISTICS HIGH and MEDIUM there are a few parameters that can influence performance and with the exception of PDQPRIORITY you can’t use any of them with AUS. In summary they are:

DBUPSPACE: three parameters in one controlling four things:
- how much memory and disk are available for sorting when PDQPRIORITY is not set.
- whether to use indices for sorting.
- whether to print the explain plan.
DBSPACETEMP: overrides default onconfig value.
PSORT_DBTEMP: allows you to specify a filesystem instead of DBSPACETEMP.
PSORT_NPROCS: specifies number of threads for sorting.

Having done tests with this parameter:

The disk and memory parameters don’t have any effect if you set PDQPRIORITY. If you do up to DS_TOTAL_MEMORY multiplied by the effective PDQPRIORITY (as a percentage) can be allocated.
Even if set, they only have the effect of restricting the number of columns that can be processed in a single pass so a lot of the time they make no difference. For a better understanding of how this works see John Miller III’s article on Understanding and Tuning Update Statistics.
Setting the explain output via the directive setting works a bit weirdly: you need to run set explain on separately to enable the explain plan even if set here but disabling it with this parameter does work.
The default is to use indices for sorting. Switching this off (directive 1 or 2) was up to 5x slower on my test system.

Here are some performance tests showing the effects of different DBUPSPACE settings on UPDATE STATISTICS HIGH. My performance tests are all carried out on a powerful 32 core Linux x86_64 server with 256 Gb RAM and fast SAN storage (not my laptop). For my tests I did a dummy run first to try and even out any effects of caching in the SAN. I then did a run immediately after initialising my instance (cold) and a repeat run (warm) for each result.

10 million row non-partitioned table with 12 single-column indices:

DBUPSPACE	PDQPRIORITY	Memory allocated (Mb)	No. of scans	Indices used for sorting?	Light scans used?	Time elapsed cold (s)	Time elapsed warm (s)
1024:15:0 (default)	0	15	12	Yes	No	111	97
0:50:0	0	50	12	Yes	No	108	97
0:50:1	0	50	12	No	No	259	254
0:50:0	100	2462.7	1	Yes	Yes	172	180
0:50:1	100	2462.7	1	No	Yes	176	172

74 million row table with 8-way round-robin partitioning and 3 single-column indices:

DBUPSPACE	PDQPRIORITY	Memory allocated (Mb)	No. of scans	Indices used for sorting?	Light scans used?	Time elapsed cold (s)	Time elapsed warm (s)
1024:15:0 (default)	0	15	3	Yes	No	227	169
0:50:0	0	50	3	Yes	No	224	168
0:50:1	0	50	3	No	No	501	494
0:50:0	100	3064.7	1	Yes	Yes	432	426
0:50:1	100	3064.7	1	No	Yes	425	428

What conclusions can we draw from these results?

Using PDQPRIORITY actually makes it slower.
There is no significant difference between using 15 Mb of memory for sorts and 50 Mb of memory for sorts. I suspect this is because the number of scans is the same.
Using indices for sorting (the default) is faster than not using indices for sorting when not using PDQ.
The use of light scans (avoiding the buffer cache) reduces the variation between the cold and warm results.

Despite having a partitioned table and PDQPRIORITY set, the interesting thing here is that during the execution I observed no parallelism. You can see this for yourself by identifying the session running UPDATE STATISTICS and looking at the threads the session is using. I get something like this for my partitioned table:

IBM Informix Dynamic Server Version 11.70.FC7W1 -- On-Line -- Up 00:01:11 -- 228250944 Kbytes

session           effective                            #RSAM    total      used       dynamic 
id       user     user      tty      pid      hostname threads  memory     memory     explain 
14       informix -         -        28798    guebobdb 1        11563008   10603832   off 

Program :
/opt/informix-11.70.FC7W1/bin/dbaccess

tid      name     rstcb            flags    curstk   status
201      sqlexec  26e1fbbfc8       ---PR--  24752    running-

Memory pools    count 4
name         class addr              totalsize  freesize   #allocfrag #freefrag 
14           V     26e4c59040       139264     10008      176        12        
14_SORT_0    V     26e573d040       4108288    294896     34865      4         
14_SORT_1    V     26e5748040       3657728    326176     32934      4         
14_SORT_2    V     26e5730040       3657728    325936     32937      4         

name           free       used           name           free       used      
overhead       0          13152          scb            0          144       
opentable      0          10640          filetable      0          3016      
ru             0          600            misc           0          160       
log            0          16536          temprec        0          21664     
blob           0          832            keys           0          664       
ralloc         0          19320          gentcb         0          1592      
ostcb          0          2944           sort           0          1577072   
sqscb          0          20224          sql            0          72        
srtmembuf      0          817320         hashfiletab    0          552       
osenv          0          3000           buft_buffer    0          8736      
sqtcb          0          9680           fragman        0          3640      
shmblklist     0          8074432        

sqscb info
scb              sqscb            optofc   pdqpriority optcompind  directives
e28f91c0         e4c5a028         0        100         0           1         

Sess       SQL            Current            Iso Lock       SQL  ISAM F.E. 
Id         Stmt type      Database           Lvl Mode       ERR  ERR  Vers  Explain    
14         UPDATE STATIST testdb             DR  Wait 15    0    0    9.24  On         

Current SQL statement (6) :
  update statistics high for table large_8-way_table
    (id_col1,id_col2,date_col) distributions only force

Last parsed SQL statement :
  update statistics high for table large_8-way_table
    (id_col1,id_col2,date_col) distributions only force

In the above example we can see that the engine has allocated three memory pools, one each for the three columns we are updating in a single pass with PDQPRIORITY set.

If you do see parallel sort (PSORT) threads like this:

Program :
/opt/informix-11.70.FC7W1/bin/dbaccess

tid      name     rstcb            flags    curstk   status
370      sqlexec  26e1fbaf28       ---PR--  20688    running-
371      psortpro 26e1fde468       Y------  912      cond wait  incore    -
372      psortpro 26e1fcda68       Y------  912      cond wait  incore    -
373      psortpro 26e1fd88f8       Y------  912      cond wait  incore    -
374      psortpro 26e1fd1498       Y------  912      cond wait  incore    -
375      psortpro 26e1fc6608       Y------  912      cond wait  incore    -
376      psortpro 26e1fdc328       Y------  912      cond wait  incore    -
377      psortpro 26e1fd4ec8       Y------  912      cond wait  incore    -
378      psortpro 26e1fca038       Y------  912      cond wait  incore    -
379      psortpro 26e1fbe958       Y------  912      cond wait  incore    -
380      psortpro 26e1fdbad8       Y------  912      cond wait  incore    -
381      psortpro 26e1fcb0d8       Y------  912      cond wait  incore    -
382      psortpro 26e1fda1e8       Y------  912      cond wait  incore    -
383      psortpro 26e1fc97e8       Y------  912      cond wait  incore    -
384      psortpro 26e1fd5718       Y------  912      cond wait  incore    -
385      psortpro 26e1fcd218       Y------  912      cond wait  incore    -
386      psortpro 26e1fc2388       Y------  912      cond wait  incore    -
387      psortpro 26e1fd80a8       Y------  912      cond wait  incore    -
388      psortpro 26e1fd0c48       Y------  912      cond wait  incore    -
389      psortpro 26e1fc5db8       -------  1632     running-
390      psortpro 26e1fdf508       Y------  912      cond wait  incore    -
391      psortpro 26e1fd7858       Y------  912      cond wait  incore    -
392      psortpro 26e1fc6e58       Y------  912      cond wait  incore    -
393      psortpro 26e1fd35d8       Y------  912      cond wait  incore    -
394      psortpro 26e1fdcb78       -------  8        running-
395      psortpro 26e1fca888       -------  1632     running-
396      psortpro 26e1fbf9f8       -------  1632     running-
397      psortpro 26e1fcc9c8       -------  8        running-
398      psortpro 26e1fc1b38       -------  8        running-
399      psortpro 26e1fd1ce8       -------  8        running-

Memory pools    count 4
name         class addr              totalsize  freesize   #allocfrag #freefrag 
41           V     270a6cd040       954368     61560      438        53        
41_SORT_0    V     2706fc2040       3915776    2184       33415      10        
41_SORT_1    V     2706fbb040       4222976    14488      31589      27        
41_SORT_2    V     2706fbc040       4222976    14248      31592      27

It is either because PSORT_NPROCS is set in your environment or set in the database engine’s environment when it was started.

Let’s now looking at the effect of PSORT_NPROCS. The only way to use this with AUS is to set PSORT_NPROCS when you start the database engine, which will of course affect all sessions.

Setting PSORT_NPROCS is the only way to get any parallel processing with UPDATE STATISTICS HIGH or MEDIUM. It has no effect on UPDATE STATISTICS LOW. Setting PDQPRIORITY only provides more memory and allows HIGH and MEDIUM mode distributions on multiple columns to be built in a single pass, if enough memory is available. There will be one SORT memory pool per column being processed regardless of PDQPRIORITY. Sorting with PSORT_NPROCS set can be faster as we’ll see now.

Carrying on with the same examplse as above, I get these results:

10 million row non-partitioned table with 12 single-column indices:

DBUPSPACE	PDQPRIORITY	PSORT_ NPROCS	Memory allocated (Mb)	No. of scans	Light scans used?	Time elapsed cold (s)	Time elapsed warm (s)
0:50:0	0	Not set	50	12	No	108	97
0:50:0	0	24	50	12	No	123	97
0:50:0	100	Not set	2462.7	1	Yes	172	180
0:50:0	100	24	2538.4	1	Yes	80	83

74 million row table with 8-way round-robin partitioning and 3 single-column indices:

DBUPSPACE	PDQPRIORITY	PSORT_ NPROCS	Memory allocated (Mb)	No. of scans	Light scans used?	Time elapsed cold (s)	Time elapsed warm (s)
0:50:0	0	Not set	50	3	No	224	168
0:50:0	0	24	50	3	No	223	170
0:50:0	100	Not set	3064.7	1	Yes	432	426
0:50:0	100	24	3083.7	1	Yes	156	145

What conclusions can we draw this time?

The fastest UPDATE STATISTICS HIGH (or MEDIUM) performance is with PDQ and PSORT_NPROCS set. (Seasoned DBAs might have expected this result).
But it’s not much faster than running without either of these parameters set, probably with fewer server resources.
It’s worth bearing in mind that PDQ enables light scans which may avoid buffer cache churn.

Adding additional AUS Refresh tasks for greater throughput

There is another way to achieve parallelism with AUS and that is to add additional scheduler tasks so that more than one table can be worked on at once, for example:

INSERT INTO sysadmin:ph_task ( tk_name, tk_description, tk_type, tk_dbs, tk_execute, tk_delete, tk_start_time, tk_stop_time, tk_frequency, tk_monday, tk_tuesday, tk_wednesday, tk_thursday, tk_friday, tk_saturday, tk_sunday, tk_group, tk_enable ) VALUES ( 'Auto Update Statistics Refresh #2', 'Refreshes the statistics and distributions which were recommended by the evaluator.', 'TASK', 'sysadmin', 'aus_refresh_stats', '0 01:00:00', '03:11:00', '12:45:00', '1 00:00:00', 't', 't', 't', 't', 't', 'f', 'f', 'PERFORMANCE', 't' );

It is vital that the task name begins with Auto Update Statistics Refresh as shown here otherwise some of the internal code that stops the evaluator from running at the same time as the refresh tasks will not work.

Think of it as a batch process where the goal is to update all your statistics and distributions, not doing an individual table as fast as possible.

I recommend this method if you need extra grunt! Then run without PDQ (AUS_PDQ = 0).

Pros and cons of using PSORT_DBTEMP

Let’s move to consider another environment variable you can’t easily use: PSORT_DBTEMP. Is using a filesystem for sorts faster than temporary dbspaces? For this I am not going to do any performance tests largely because a comparison between the local SATA disks used for filesystems and the battery-backed, part solid state SAN used for the database storage on my server is not a fair fight.

If you want to use PSORT_DBTEMP with AUS, again you will need to set it in your environment when initialising the server and use it across your system.

The only definitive benefit of pointing to a filesystem using PSORT_DBTEMP instead of using DBSPACETEMP is that the Linux filesystem cache has an effect. This means that your temporary files may never be committed to disk, giving you a performance advantage. Another interesting alternative is to use a RAM disk.

Otherwise when considering whether to use a filesystem over temporary dbspaces, I would consider your hardware.

Recent UPDATE STATISTICS defects

Below are some defects relating to UPDATE STATISTICS that I have personally logged with IBM. All are general UPDATE STATISTICS issues and whether you use AUS or not does not affect your chances of hitting these. I have written some comments underneath.

IT06767 UPDATE STATISTICS HIGH ON TABLE BIGGER THAN 1.1 BIO ROWS CAN CAUSE EXCEPTION IN SRTQUICK: This defect can only be hit if you use PDQ and a large amount of memory is allocated.
IT06726 Assert Warning Invalid index statistics found when using statistics sampling with index having many deleted items: Requires USTLOW_SAMPLE to be switched on. It is fairly harmless but does write some garbage to sysfragments. Re-running UPDATE STATISTICS LOW usually fixes it.
IT02679 UPDATE STATISTICS HIGH ON A FRAGMENTED TABLE LEADS TO ERROR MESSAGE 9810: This can only be seen if using fragment level statistics.
IT05463 Fragment based update stats high consumes a huge amount of sblobspace: This can only be seen if using fragment level statistics. It is not worth trying to make your sbspace extremely large to work around this problem.
IT05639 -768: Internal error in routine mbmerge2bin when running update statistics on a fragmented table (running fragment-level statistics)
: Another fragment level statistics one. With the fixes for IT02679, IT05463 and IT05639 this feature is solid. I wouldn’t enable this for a table unless you have all of these in your version.

Most of these defects are fixed in 12.10.FC5.

UPDATE STATISTICS performance summary

Overall then what seems to be the best balance between speed and use of resources on your system is:

In terms of AUS, leave AUS_PDQ at 0.
If you need more throughput add more Refresh tasks to the scheduler.
That’s it.
Set DBUPSPACE=0:50:0 in the server environment.

I hope this has been useful. I’ll end with a quick summary of some of the more interesting performance points from this presentation which apply regardless of whether you use AUS or not:

Setting PDQPRIORITY only provides more memory for UPDATE STATISTICS HIGH or MEDIUM and does not provide parallel processing. It may even make it run slower.
If you want multi-threaded processing, this only works by setting PSORT_NPROCS and then only with UPDATE STATISTICS HIGH or MEDIUM. Because it does not require PDQ you can use this with workgroup edition.
In my tests only when used together do PDQPRIORITY and PSORT_NPROCS improve performance. PDQ does switch on light scans though which avoid churning your buffer cache..
Not using indices for sorting for UPDATE STATISTICS HIGH or MEDIUM can be significantly slower.
The performance of UPDATE STATISTICS [LOW] can be improved by setting USTLOW_SAMPLE.

Temporary tables

Posted: 29 March, 2015 | Author: Ben Thompson | Filed under: Instance and operating system tuning, Monitoring, SQL query tuning | Tags: CREATE TEMP TABLE, dbspace, DBSPACETEMP, SELECT INTO TEMP, TEMPTAB_NOLOG | 2 Comments

Again, this is another blog post about nothing new at all but an attempt to put down my understanding of temporary tables down in a way that will help me when I refer back to it and hopefully be of more wider use.

When looking at things like this a test system is always essential for checking things and finding some surprising results. If you don’t have one you can soon set one up with VMWare or Virtual Box and a copy of Informix Developer Edition. For this post I am going to set up a simple test instance with four specific dbspaces:

A logged rootdbs with plenty of free space, called rootdbs.
A logged dbspace for my data and indices, called datadbs.
A temporary dbspace without logging, called tmp2k_unlogged.
A temporary dbspace with logging, called tmp2k_logged.

What’s the difference between a temporary dbspace with logging and a normal dbspace? Nothing except that one appears in the DBSPACETEMP onconfig setting.

Consider the SQL statements which explicitly create temporary tables in a session:

create temp table unlogged (col1 int) with no log; insert into unlogged values (1);

and:

create temp table logged (col1 int); insert into logged values (1);

For these tests we must have TEMPTAB_NOLOG set to 0 in our onconfig otherwise the second statement will silently have a with no log criterion added to it.

Let’s run these, use oncheck -pe to see which dbspace they get placed in and then use onlog -n <starting log unique identifier> to see if changes to these tables get logged or not:

DBSPACETEMP setting	unlogged table		logged table
DBSPACETEMP setting	dbspace used	logged operations	dbspace used	logged operations
tmp2k_unlogged:tmp2k_logged	tmp2k_unlogged	no	tmp2k_logged	yes
tmp2k_unlogged	tmp2k_unlogged	no	datadbs	yes
tmp2k_logged	tmp2k_logged	no	tmp2k_logged	yes
NONE	datadbs	no	datadbs	yes

So already a few interesting results drop out:

We can specify both logged and unlogged dbspaces using the DBSPACETEMP parameter.
The engine will prefer logged dbspaces for logged tables and unlogged dbspaces for unlogged tables.
If an unlogged dbspace is not available the engine can use a logged dbspace and create unlogged tables in it.
If a logged dbspace is not available the engine will use an alternative dbspace because an unlogged dbspace does not logging at all. In this case it has chosen datadbs, because this is the dbspace in which I created my database.

At this point it’s worth referring to an IBM technote on this subject. This suggests some more tests but already my results are not in agreement with the first example given:

If we have created a dbspace named tmpdbs, but we could not see it was marked as ‘T’ in the result of onstat -d. We set DBSPACETEMP configuration parameter to tmpdbs. On this condition, tmpdbs will be used for logged temporary tables. That means if a temp table is created with ‘WITH NO LOG’ option, the server will not use it.

This is implying that my tmp2k_logged dbspace (it will not have the ‘T’ flag) cannot be used for unlogged temporary tables. You can see from my table that this isn’t true and I invite you to test this for yourself.

As part proof here is the onstat -d and oncheck -pe output:

$ onstat -d | grep tmp2k
7f9d7310         3        0x60001    3        1        2048     N  BA    informix tmp2k_logged
7f9d74b8         4        0x42001    4        1        2048     N TBA    informix tmp2k_unlogged


DBspace Usage Report: tmp2k_logged        Owner: informix  Created: 03/08/2015


 Chunk Pathname                             Pagesize(k)  Size(p)  Used(p)  Free(p)
     3 /informix_data/sandbox/tmp2k                   2      512       61      451

 Description                                                   Offset(p)  Size(p)
 ------------------------------------------------------------- -------- --------
 RESERVED PAGES                                                       0        2
 CHUNK FREELIST PAGE                                                  2        1
 tmp2k_logged:'informix'.TBLSpace                                     3       50
 db1:'thompsonb'.unlogged                                            53        8
 FREE                                                                61      451

 Total Used:       61
 Total Free:      451

Moving on, let’s do a slightly different test:

select * from sysmaster:systables into temp mytab_unlogged with no log;

and:

select * from sysmaster:systables into temp mytab_logged;

And the results:

DBSPACETEMP setting	unlogged table		logged table
DBSPACETEMP setting	dbspace used	logged operations	dbspace used	logged operations
tmp2k_unlogged:tmp2k_logged	tmp2k_unlogged	no	tmp2k_logged	yes
tmp2k_unlogged	tmp2k_unlogged	no	datadbs	yes
tmp2k_logged	tmp2k_logged	no	tmp2k_logged	yes
NONE	datadbs	no	datadbs	yes

Again my results are in disagreement with the IBM technote which says:

If DBSPACETEMP is not specified, the temporary table is placed in either the root dbspace or the dbspace where the database was created. SELECT…INTO TEMP statements place the temporary table in the root dbspace. CREATE TEMP TABLE statements place the temporary table in the dbspace where the database was created.

In both cases in my tests the engine chose datadbs and not my root dbspace.

Let’s move on a bit. How do I know what temporary tables are in use on my system as a whole?

One way is to run something like:

onstat -g sql 0 | grep -A 3 'User-created Temp tables'

This might get you something like this:

User-created Temp tables :
  partnum  tabname            rowsize 
  400003   mysystables2       500
  400002   mysystables        500

Another way is to run oncheck -pe and have a look at what is in your temporary dbspaces. Here you may also see space used by the engine for sorting, marked with SORTTEMP, or temporary tables created implicitly by the engine for query processing. However whatever type of object it is, you will find it impossible to match anything you see to a particular session by this method; it is only possible to match to a user name which would only allow positive identification if there was only a single session per user.

There is another way to match tables to sessions which works for explicitly created temporary tables, for which I don’t want to claim any credit because I cribbed it from the IIUG Software Repository. The script is called find_tmp_tbls and it its present state is broken when used with 11.70 (and hasn’t been tested since version 9.30.FC2 according to its README): at least it does not work with 64-bit Linux, mainly because the syntax for onstat -g dmp seems to have changed slightly. I managed to fix it up, however.

It’s a little complicated to follow but the basic steps are this:

You need to start with a given session and check if it has any temporary tables. (Unfortunately I don’t know a way of working backwards from the temporary table to see which session it belongs to either through onstat or the SMI interface.)
Get the session’s rstcb value, either from onstat -g ses <sid> or from the first column in onstat -u.
Run onstat -g dmp 0x<rstcb> rstcb | grep scb. Note that the rstcb value must be prefixed by 0x.This should return an scb value in hex.
Take this value and run onstat -g dmp <scb> scb_t | grep sqscb. Your address must start with 0x again and this is true throughout all the examples. This will return two values; take the one labelled just sqscb.
Feed this value into another dmp command: onstat -g dmp <sqscb> sqscb_t | grep dicttab. This will return another value.
Finally take this and get the partnum(s) of the temporary tables for the session by running: onstat -g dmp <dicttab> "ddtab_t,LL(ddt_next)" | grep partnum.

Here is all that as an example:

$ onstat -g dmp 0x2aaaab608488 rstcb_t | grep scb
    scb          = 0x2aaaabf5f1c0
$ onstat -g dmp 0x2aaaabf5f1c0 scb_t | grep sqscb
    sqscb        = 0x2aaaad6c8028
    sqscb_poolp  = 0x2aaaad6c92c8
$ onstat -g dmp 0x2aaaad6c8028 sqscb_t | grep dicttab
    dicttab      = 0x2aaaad87c4f0
$ onstat -g dmp 0x2aaaad87c4f0 "ddtab_t,LL(ddt_next)" | grep partnum
    ddt_partnum  = 4194307
    ddt_partnum  = 4194306

It’s worth emphasising that this method will only work for explicitly created temporary tables. It won’t identify temporary space used by:

implicitly created temporary tables created by the engine to process a query.
temporary sort segments.

If there is a similar method for these types, I would be interested to find out about it.

Armed with the partnum you can do whatever you want with it like run this query against the sysmaster database to see what space is being used:

SELECT
  tab.owner,
  tab.tabname,
  dbsp.name dbspace,
  te_chunk chunk_no,
  te_offset offset,
  te_size size
FROM
  systabnames tab,
  systabextents ext,
  syschunks ch,
  sysdbspaces dbsp
WHERE
  tab.partnum in (4194306, 4194307) AND
  ext.te_partnum=tab.partnum AND
  ch.chknum=ext.te_chunk AND
  dbsp.dbsnum=ch.dbsnum
ORDER BY
  tab.owner,
  tab.tabname,
  te_extnum;

Giving results like:

owner	tabname	dbspace	chunk_no	offset	size
thompsonb	mysystables	tmp2k_unlogged	6	53	8
thompsonb	mysystables2	tmp2k_unlogged	6	61	8

For reference there is information about explicit and implicit temporary tables and temporary sort space in these tables in the sysmaster database:

sysptnhdr
sysptnext
sysptnbit
sysptntab
sysptprof
systabextents
systabinfo
systabnames
systabpagtypes

So in conclusion I hope this post brings together some useful information about explicit temporary tables. Personally I’d like to be able to get a complete picture of which sessions what statements are using temporary space, which this doesn’t give. If I find anything it will be subject of a future blog post.

Foreign key creation performance

Posted: 2 September, 2014 | Author: Ben Thompson | Filed under: Instance and operating system tuning, Storage schema management | Tags: foreign key, pdq, performance | Leave a comment

The Agile development model IBM has moved to for Informix development means that there’s always a few extra features in each fix pack. There are two rather nice enhancement in 11.70.FC8 when building a foreign key which alleviate some pain points when doing administration on large tables. The first is a no validate option which means that no checking of the data is done when creating the foreign key. This is appropriate in situations like migrating platforms when you know that referential integrity is already assured and you want to avoid the overhead of re-checking it all again on the new system. I want to look instead at the other enhancement: improved performance when creating a foreign key.

Nearly all of the time creating a foreign key constraint is spent checking the data; modifying the database schema to add the constraint is a very quick operation.

Prior to 11.70.FC8 creating a foreign key on a large table was a long process and with non-partitioned tables it was a single-threaded operation which did not benefit from the use of indices. Typically you’d see a thread working away like this:

tid      name     rstcb            flags    curstk   status
283      sqlexec  26e1fc3c78       --BPR--  22096    running-

Or with a fragmented table and PDQ turned on you might see multiple threads:

tid      name     rstcb            flags    curstk   status
324      sqlexec  26e1fc3c78       --BP---  19744    sleeping secs: 1     -
325      scan_1.0 26e1fc0a98       --B-R--  3248     running-
326      scan_1.1 26e1fc44c8       --B-R--  3248     running-
327      scan_1.2 26e1fc4d18       --B-R--  3248     running-
328      scan_1.3 26e1fc5568       --B-R--  3248     running-
329      scan_1.4 26e1fc5db8       --B-R--  3248     running-
330      scan_1.5 26e1fc6608       --B-R--  3248     running-
331      scan_1.6 26e1fc97e8       --B-R--  3248     running-
332      scan_1.7 26e1fcb0d8       --B-R--  3248     running-

Even with parallel operations foreign key builds could still take a long time.

With 11.70.FC8 foreign key builds are a lot faster and here is a test case which you can try. I’m going to create a 10 million row table, which is large enough to demonstrate the problem, and a referenced table with up to 32767 unique values and see how long it takes to create a foreign key.

Courtesy of the Informix FAQ I am going to create these procedures to generate random numbers.

CREATE PROCEDURE sp_setseed(n INTEGER) DEFINE GLOBAL seed DECIMAL(10) DEFAULT 1;


  LET seed = n;
END PROCEDURE;
CREATE PROCEDURE sp_random() RETURNING INTEGER;

  DEFINE GLOBAL seed DECIMAL(10) DEFAULT 1;

  DEFINE d DECIMAL(20,0);
  LET d = (seed * 1103515245) + 12345;

  -- MOD function does not handle 20-digit values

  LET seed = d - 4294967296 * TRUNC(d / 4294967296);
  RETURN MOD(TRUNC(seed / 65536), 32768);

END PROCEDURE;

These will generate a random number between 0 and 32767 and I’ll use these to create some data to populate my tables with.

drop procedure if exists populate; create procedure populate ()


  define p_wid int;

  define i int;
  drop table if exists referenced;

  create table referenced (

    widget_id int not null

  );
  drop table if exists referencing;

  create table referencing (

    id_column bigserial not null,

    widget_id int not null

  );
  FOR i = 1 TO 10000000 STEP 1
    let p_wid = sp_random();

    insert into referencing (widget_id) values (p_wid);
  END FOR;
  create index ireferencing_x1 on referencing (widget_id);

  insert into referenced (widget_id) select distinct widget_id from referencing;
  create unique index ireferenced_u1 on referenced (widget_id);

  alter table referenced add constraint primary key (widget_id) constraint referenced_pk;
end procedure;

execute procedure populate();

That sets up the test. It just remains to create the foreign key, which I’ll time:

alter table referencing add constraint foreign key (widget_id) references referenced (widget_id) constraint referencing_fk;

And so for the results:

Informix version	Fragmented table	PDQ priority	Parallel execution	Foreign key build time (s)
11.70.FC7	No	0	No	40
11.70.FC7	No	100	No	40
11.70.FC7	Yes, 8-way partition by expression, evenly distributed	0	No	40
11.70.FC7	Yes, 8-way partition by expression, evenly distributed	100	Yes	40
11.70.FC7	Yes, 8-way round-robin	0	No	41
11.70.FC7	Yes, 8-way round-robin	100	Yes	67
11.70.FC8	No	0	No	0.3
11.70.FC8	No	100	No	0.3
11.70.FC8	Yes, 8-way partition by expression, evenly distributed	0	No	0.5
11.70.FC8	Yes, 8-way partition by expression, evenly distributed	100	Yes	40
11.70.FC8	Yes, 8-way round-robin	0	No	0.9
11.70.FC8	Yes, 8-way round-robin	100	Yes	68

And for comparison here is the time taken for some related SQL queries (without PDQ):

Query	Duration (s)
`select distinct widget_id from referencing;`	9
`select widget_id, count(*) from referencing group by widget_id;`	7
`select widget_id from referencing where widget_id not in (select widget_id from referenced);`	37

The purpose of this table is to show the relative times of the foreign key build and not to benchmark any hardware or Informix itself so I’m not going to divulge what hardware I’m used for the tests. The server I used did have multiple processors and CPU VPs configured so that PDQ queries could scale out. The number of ready threads was very low or none during the operation.

I ran all the tests a few times and there was a small amount of variation so I’ve only used a low precision in the results.

So what conclusions can we draw from this?

The stand-out result is that the verification of foreign keys is much faster in FC8 but only for serial operations.
Serial foreign key builds in FC8 are significantly faster than any SQL query I could write that checked the referential integrity.
In FC7 and earlier parallel operations may be slower.
In FC8 there is not the same speed improvement for parallel operations and they are still much slower.

Another interesting finding is the large difference in performance between the expression-based fragmentation and round-robin fragmentation when using parallel operations. I had assumed that this kind of operation would be agnostic to the type of fragmentation used. I checked this a few times but examining the threads when it is running shows something different is definitely happening.

Round-robin fragmentation looks like the below. Notice that most of the threads are active:

tid      name     rstcb            flags    curstk   status
123535   sqlexec  15f2599e8        --BP---  29472    sleeping secs: 1     -
123536   scan_1.0 15f25e590        --B-R--  2400     running-
123537   scan_1.1 15f262068        Y-B----  496      cond wait  await_MC1 -
123538   scan_1.2 15f25c3f0        Y-B----  496      cond wait  await_MC1 -
123539   scan_1.3 15f261800        --B----  2400     running-
123540   scan_1.4 15f2628d0        --B-R--  2400     running-
123541   scan_1.5 15f263138        --B-R--  2400     running-
123542   scan_1.6 15f25edf8        --B-R--  2400     running-
123543   scan_1.7 15f25f660        --B----  2400     running-

Expression fragmentation seems to run with just one active thread for the majority of the time:

tid      name     rstcb            flags    curstk   status
123804   sqlexec  15f258918        --BP---  29472    sleeping secs: 1     -
123805   scan_1.0 15f25e590        --B-R--  2400     running-
123806   scan_1.1 15f25c3f0        Y-B----  496      cond wait  await_MC1 -
123807   scan_1.2 15f261800        Y-B----  496      cond wait  await_MC1 -
123808   scan_1.3 15f2628d0        Y-B----  496      cond wait  await_MC1 -
123809   scan_1.4 15f263138        Y-B----  496      cond wait  await_MC1 -
123810   scan_1.5 15f25edf8        Y-B----  496      cond wait  await_MC1 -
123811   scan_1.6 15f25f660        Y-B----  496      cond wait  await_MC1 -
123812   scan_1.7 15f2639a0        Y-B----  496      cond wait  await_MC1 -
123813   scan_1.8 15f260f98        Y-B----  496      cond wait  await_MC1 -

There is an extra scan thread (scan_1.8) because I have an (empty) remainder fragment in addition to my 8-way fragmentation.

This would go some way to explaining why round-robin is faster.

Finally, if I could wander into the realms of speculation for a moment, it does look like IBM has implemented the parallel foreign key constraint checking slightly differently for each fragmentation method, which might explain why the improved performance is only seen with serial operations.

To sum up, this is a wonderful enhancement but I’ll be careful to switch off parallel processing when building foreign keys. It greatly speeds up index builds on fragmented tables, which is the type of operation you might do at the same time so I can foresee scripts with parallel processing being enabled and disabled several times to ensure best speed.

Informed Mix

Random postings about IBM Informix