From: Daniel Borkmann <dborkman@redhat.com>
To: "Vitaly V. Bursov" <vitalyb@telenet.dn.ua>
Cc: Mike Galbraith <bitbucket@online.de>,
linux-kernel@vger.kernel.org, netdev <netdev@vger.kernel.org>
Subject: Re: Scaling problem with a lot of AF_PACKET sockets on different interfaces
Date: Fri, 07 Jun 2013 16:33:11 +0200 [thread overview]
Message-ID: <51B1EF27.9030300@redhat.com> (raw)
In-Reply-To: <51B1EB7D.7060801@telenet.dn.ua>
On 06/07/2013 04:17 PM, Vitaly V. Bursov wrote:
> 07.06.2013 16:05, Daniel Borkmann пишет:
[...]
>>>> Ideas are welcome :)
>>
>> Probably, that depends on _your scenario_ and/or BPF filter, but would it be
>> an alternative if you have only a few packet sockets (maybe one pinned to each
>> cpu) and cluster/load-balance them together via packet fanout? (Where you
>> bind the socket to ifindex 0, so that you get traffic from all devs...) That
>> would at least avoid that "hot spot", and you could post-process the interface
>> via sockaddr_ll. But I'd agree that this will not solve the actual problem you've
>> observed. ;-)
>
> I was't aware of the ifindex 0 thing, it can help, thanks! Of course, if it'll
> work for me (applications is a custom DHCP server) it'll surely
> increase the overhead of BPF (I don't need to tap the traffic from all
> interfaces), there are vlans, bridges and bonds - likely the server will receive
> same packets multiple times and replies must be sent too...
> but it still should be faster.
Well, as already said, if you use a fanout socket group, then you won't receive the
_exact_ same packet twice. Rather, packets are balanced by different policies among
your packet sockets in that group. What you could do is to have a (e.g.) single BPF
filter (jitted) for all those sockets that'll let needed packets pass and you can then
access the interface they came from via sockaddr_ll, which then is further processed
in your fast path (or dropped depending on the iface). There's also a BPF extension
(BPF_S_ANC_IFINDEX) that lets you load the ifindex of the skb into the BPF accumulator,
so you could also filter early from there for a range of ifindexes (in combination to
bind the sockets to index 0). Probably that could work.
next prev parent reply other threads:[~2013-06-07 14:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-07 11:56 Scaling problem with a lot of AF_PACKET sockets on different interfaces Vitaly V. Bursov
2013-06-07 12:41 ` Mike Galbraith
2013-06-07 13:05 ` Daniel Borkmann
2013-06-07 14:17 ` Vitaly V. Bursov
2013-06-07 14:33 ` Daniel Borkmann [this message]
2013-06-10 6:34 ` Vitaly V. Bursov
2013-06-07 13:30 ` David Laight
2013-06-07 13:30 ` David Laight
2013-06-07 13:54 ` Eric Dumazet
2013-06-07 14:09 ` David Laight
2013-06-07 14:09 ` David Laight
2013-06-07 14:30 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51B1EF27.9030300@redhat.com \
--to=dborkman@redhat.com \
--cc=bitbucket@online.de \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=vitalyb@telenet.dn.ua \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.