From: Mugunthan V N <mugunthanvnm-l0cyMroinI0@public.gmane.org>
To: David Laight
<David.Laight-ZS65k/vG3HxXrIkS9f7CXA@public.gmane.org>,
David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Cc: "netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [net-next PATCH v2 0/3] Broadcast/Multicast rate limit via Ethtool Coalesce
Date: Fri, 18 Jul 2014 11:07:35 +0530 [thread overview]
Message-ID: <53C8B29F.5@ti.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D172768B0-VkEWCZq2GCInGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
On Thursday 17 July 2014 06:23 PM, David Laight wrote:
>> From: Mugunthan V N
>> On Thursday 10 July 2014 05:14 AM, David Miller wrote:
>>> From: Mugunthan V N <mugunthanvnm-l0cyMroinI0@public.gmane.org>
>>> Date: Wed, 9 Jul 2014 12:44:07 +0530
>>>
>>>> A system/cpu can be loaded by a hacker with flooding of broadcast or
>>>> multicast packets, to prevent this some Ethernet controllers like CPSW
>>>> provide a mechanism to limit the broadcast/multicast packet rate via
>>>> hardware limiters. This patch series enables this feature via
>>>> Ethtool Coalesce.
>>> This is pretty bogus if you ask me.
>>>
>>> What is the difference from accepting a high rate of unicast packets?
>>> I say it is no different.
>>>
>>> Therefore, this feature makes no sense to me at all.
>> Any packet storm can cause an endpoint some issues. Typically packet
>> storms will cause the system CPU to thrash resulting is very low system
>> performance.
>>
>> Unicast storms only target a single destination end station, it can be
>> easily mitigated by the host adding a blocking entry in the LUT for each
>> aggressor.
>>
>> Broadcast and multicast target multiple end stations, or an entire
>> network, not only can it cause CPU thrashing, it can result in loss of
>> other broadcast and multicast services. The rate limiting feature allow
>> the broadcast and or multicast traffic to be dropped if the rates are
>> too high. This eliminates the CPU thrashing issue. It also allows the
>> system to analyze the aggressors and block them for future transgressions.
> Rate limiting multicast traffic will definitely cause the loss of multicast
> services.
When a system apply the rate limit, the system should expect to miss
some of the broadcast/multicast packet depending on the rate limit it
applies.
>
> My experience of broadcast storms is that many of the ethernet switches
> (probably especially the cheap ones) end up using a much slower software?
> path for broadcasts. In a broadcast storm they start discarding normal
> traffic - to point where a single ssh session becomes unusable.
> This is true even when isolated from the storm by a 10M hub.
>
> Broadcast storms are probably mostly caused by network topology issues.
> Especially is switches are sending traffic to 'all ports' while resetting
> the spanning tree tables.
>
This is one more example where broadcast/multicast rate limit can be used.
Regards
Mugunthan V N
WARNING: multiple messages have this Message-ID (diff)
From: Mugunthan V N <mugunthanvnm@ti.com>
To: David Laight <David.Laight@ACULAB.COM>,
David Miller <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [net-next PATCH v2 0/3] Broadcast/Multicast rate limit via Ethtool Coalesce
Date: Fri, 18 Jul 2014 11:07:35 +0530 [thread overview]
Message-ID: <53C8B29F.5@ti.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D172768B0@AcuExch.aculab.com>
On Thursday 17 July 2014 06:23 PM, David Laight wrote:
>> From: Mugunthan V N
>> On Thursday 10 July 2014 05:14 AM, David Miller wrote:
>>> From: Mugunthan V N <mugunthanvnm@ti.com>
>>> Date: Wed, 9 Jul 2014 12:44:07 +0530
>>>
>>>> A system/cpu can be loaded by a hacker with flooding of broadcast or
>>>> multicast packets, to prevent this some Ethernet controllers like CPSW
>>>> provide a mechanism to limit the broadcast/multicast packet rate via
>>>> hardware limiters. This patch series enables this feature via
>>>> Ethtool Coalesce.
>>> This is pretty bogus if you ask me.
>>>
>>> What is the difference from accepting a high rate of unicast packets?
>>> I say it is no different.
>>>
>>> Therefore, this feature makes no sense to me at all.
>> Any packet storm can cause an endpoint some issues. Typically packet
>> storms will cause the system CPU to thrash resulting is very low system
>> performance.
>>
>> Unicast storms only target a single destination end station, it can be
>> easily mitigated by the host adding a blocking entry in the LUT for each
>> aggressor.
>>
>> Broadcast and multicast target multiple end stations, or an entire
>> network, not only can it cause CPU thrashing, it can result in loss of
>> other broadcast and multicast services. The rate limiting feature allow
>> the broadcast and or multicast traffic to be dropped if the rates are
>> too high. This eliminates the CPU thrashing issue. It also allows the
>> system to analyze the aggressors and block them for future transgressions.
> Rate limiting multicast traffic will definitely cause the loss of multicast
> services.
When a system apply the rate limit, the system should expect to miss
some of the broadcast/multicast packet depending on the rate limit it
applies.
>
> My experience of broadcast storms is that many of the ethernet switches
> (probably especially the cheap ones) end up using a much slower software?
> path for broadcasts. In a broadcast storm they start discarding normal
> traffic - to point where a single ssh session becomes unusable.
> This is true even when isolated from the storm by a 10M hub.
>
> Broadcast storms are probably mostly caused by network topology issues.
> Especially is switches are sending traffic to 'all ports' while resetting
> the spanning tree tables.
>
This is one more example where broadcast/multicast rate limit can be used.
Regards
Mugunthan V N
next prev parent reply other threads:[~2014-07-18 5:37 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-09 7:14 [net-next PATCH v2 0/3] Broadcast/Multicast rate limit via Ethtool Coalesce Mugunthan V N
2014-07-09 7:14 ` Mugunthan V N
2014-07-09 7:14 ` Mugunthan V N
2014-07-09 7:14 ` [net-next PATCH v2 1/3] net: ethtool: Add Multicast and broadcast rate limit coalescing feature Mugunthan V N
2014-07-09 7:14 ` Mugunthan V N
2014-07-09 7:14 ` [net-next PATCH v2 2/3] drivers: net: cpsw: remove redundancy check Mugunthan V N
2014-07-09 7:14 ` Mugunthan V N
2014-07-09 7:14 ` [net-next PATCH v2 3/3] drivers: net: cpsw: Add support for multicast/broadcast rate limit Mugunthan V N
2014-07-09 7:14 ` Mugunthan V N
[not found] ` <1404890050-4020-4-git-send-email-mugunthanvnm-l0cyMroinI0@public.gmane.org>
2014-07-09 13:39 ` Govindarajulu Varadarajan
2014-07-09 13:39 ` Govindarajulu Varadarajan
[not found] ` <1404890050-4020-1-git-send-email-mugunthanvnm-l0cyMroinI0@public.gmane.org>
2014-07-09 23:44 ` [net-next PATCH v2 0/3] Broadcast/Multicast rate limit via Ethtool Coalesce David Miller
2014-07-09 23:44 ` David Miller
[not found] ` <20140709.164420.157865201153845876.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2014-07-17 6:13 ` Mugunthan V N
2014-07-17 6:13 ` Mugunthan V N
2014-07-17 6:13 ` Mugunthan V N
[not found] ` <53C76990.3000304-l0cyMroinI0@public.gmane.org>
2014-07-17 12:53 ` David Laight
2014-07-17 12:53 ` David Laight
[not found] ` <063D6719AE5E284EB5DD2968C1650D6D172768B0-VkEWCZq2GCInGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
2014-07-18 5:37 ` Mugunthan V N [this message]
2014-07-18 5:37 ` Mugunthan V N
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53C8B29F.5@ti.com \
--to=mugunthanvnm-l0cymroini0@public.gmane.org \
--cc=David.Laight-ZS65k/vG3HxXrIkS9f7CXA@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.