Unix domain socket

Unix Domain Sockets are generally faster than TCP sockets over the loopback interface. Generally Unix Domain Sockets have on average 2 microseconds latency whereas TCP sockets 6 microseconds.

Unix域套接字通常比环回接口上的TCP套接字更快。通常,Unix域套接字的平均延迟为2微秒,而TCP套接字为6微秒。


A UNIX socket is an inter-process communication mechanism that allows bidirectional data exchange between processes running on the same machine.

UNIX套接字是一种进程间通信机制,允许在同一台计算机上运行的进程之间进行双向数据交换。


IP sockets (especially TCP/IP sockets) are a mechanism allowing communication between processes over the network. In some cases, you can use TCP/IP sockets to talk with processes running on the same computer (by using the loopback interface).

IP套接字(特别是TCP/IP套接字)是一种允许进程之间通过网络进行通信的机制。在某些情况下,可以使用TCP/IP套接字与在同一台计算机上运行的进程进行通信(通过使用环回接口)。


UNIX domain sockets know that they’re executing on the same system, so they can avoid some checks and operations (like routing); which makes them faster and lighter than IP sockets. So if you plan to communicate with processes on the same host, this is a better option than IP sockets.

UNIX域套接字知道它们在同一系统上执行,因此可以避免一些检查和操作(如路由);这使得它们比IP插座更快、更轻。因此,如果您计划与同一主机上的进程通信,这是一个比IP套接字更好的选项。


Edit: As per Nils Toedtmann’s comment: UNIX domain sockets are subject to file system permissions, while TCP sockets can be controlled only on the packet filter level.

编辑:根据NilsToedtmann的评论:UNIX域套接字受文件系统权限的限制,而TCP套接字只能在数据包筛选器级别进行控制。


What’s the difference between Unix socket and TCP/IP socket?

Unix套接字和TCP/IP套接字有什么区别?


A TCP/IP socket is used for communication across TCP/IP networks. A connected TCP socket is identified by the combination of local IP, local port, remote IP and remote port. A listening TCP socket is identified by local port and possibly local IP. AIUI at least on linux TCP/IP sockets always result in the generation and decoding of TCP/IP packets, even if the client and server are on the same machine.

TCP/IP套接字用于通过TCP/IP网络进行通信。连接的TCP套接字通过本地IP、本地端口、远程IP和远程端口的组合来标识。侦听TCP套接字由本地端口和可能的本地IP标识。AIUI至少在linux TCP/IP套接字上总是导致生成和解码TCP/IP数据包,即使客户端和服务器在同一台机器上。


A unix domain socket (sometimes shortened to unix socket) on the other hand operates on a single machine. Listening sockets live in the filesystem hierarchy and access to them can be controlled by filesystem permissions.【wyq:example,php-fpm use unix socket ,can configure the user and group who connect to php-fpm process 】

另一方面,unix域套接字(有时简称为unix套接字)在一台机器上运行。侦听套接字位于文件系统层次结构中,对它们的访问可以由文件系统权限控制。【wyq:例如,php-fpm使用unix套接字,可以配置连接到php-fpm进程的用户和组】


Furthermore a process accepting a connection on a Unix socket can determine the user ID of the process that connects. This can avoid the need for an authentication step. Rather than generating a password for your database server and including a copy of it in your webapp’s code you can just tell the database server that the user running the webapp has access to the corresponding user account in the database.

此外,在Unix套接字上接受连接的进程可以确定连接的进程的用户ID。这可以避免需要身份验证步骤。您只需告诉数据库服务器,运行webapp的用户可以访问数据库中相应的用户帐户,而不是为数据库服务器生成密码并将其副本包含在webapp的代码中。


You can list your own machine local unix sockets with the following command:

您可以使用以下命令列出自己的机器本地unix套接字:


The Unix socket implementation can send and receive more than twice the number of messages, over the course of a second, when compared to the IP one. During multiple runs, this proportion is consistent, varying around 10% for more or less on both of them. Now that we figured their performance differences, let’s find out why Unix sockets are so much faster.

与IP套接字相比,Unix套接字实现可以在一秒钟内发送和接收两倍多的消息。在多次运行中,这一比例是一致的,在两次运行中或多或少都在10%左右。现在我们了解了它们的性能差异,让我们来了解为什么Unix套接字速度更快。


It’s important to notice that both IP and Unix socket implementations are using TCP (socket.SOCK_STREAM), so the answer isn’t related to how TCP performs in comparison to another transport protocol like UDP, for instance (see update 1). What happens is that when Unix sockets are used, the entire IP stack from the operating system will be bypassed. There will be no headers being added, checksums being calculated (see update 2), encapsulation and decapsulation of packets being done nor routing being performed. Although those tasks are performed really fast by the OS, there is still a visible difference when doing benchmarks like this one.

需要注意的是,IP和Unix套接字实现都使用TCP(socket.SOCK_STREAM),因此答案与TCP与另一种传输协议(例如UDP)相比的性能无关(参见更新1)。发生的情况是,当使用Unix套接字时,操作系统的整个IP堆栈将被绕过。不会添加报头,不会计算校验和(请参见更新2),不会对数据包进行封装和解封装,也不会执行路由。尽管操作系统执行这些任务的速度非常快,但在进行类似这样的基准测试时,仍然存在明显的差异。


There’s so much room for real-world comparisons besides this synthetic measurement demonstrated here. What will be the throughput differences when a reverse proxy like nginx is communicating to a Gunicorn backend server using IP or Unix sockets? Will it impact on latency as well? What about transfering big chunks of data, like huge binary files, instead of small messages? Can Unix sockets be used to avoid Docker network overhead when forwarding ports from the host to a container?

除了这里演示的这种合成测量之外,还有太多的空间进行真实世界的比较。当像nginx这样的反向代理使用IP或Unix套接字与Gunicorn后端服务器通信时,吞吐量会有什么不同?它还会影响延迟吗?如何传输大块数据,比如巨大的二进制文件,而不是小消息?当将端口从主机转发到容器时,是否可以使用Unix套接字来避免Docker网络开销?
posted @ 2023-03-10 10:51  倾越  阅读(379)  评论(0)    收藏  举报