From: Vincent Bernat
Subject: Re: [PATCH] net: bridge: add max_fdb_count
Date: Thu, 16 Nov 2017 21:21:55 +0100
To: Andrew Lunn
Cc: Sarah Newman, Willy Tarreau, Nikolay Aleksandrov, netdev@vger.kernel.org, roopa

❦ 16 November 2017 20:23 +0100, Andrew Lunn:

> struct net_bridge_fdb_entry is 40 bytes.
>
> My WiFi access point which is also a 5 port bridge, currently has 97MB
> free RAM. That is space for about 2.5M FDB entries. So even Roopa's
> 128K is not really a problem, in terms of memory.

I am also interested in Sarah's patch because we can now have a bridge
with many ports through VXLAN. The FDB can be replicated to an external
daemon with BGP and the cost of each additional MAC address is therefore
higher than just a few bytes. It seems simpler to implement a limiting
policy early (at the port or bridge level).

Also, this is a pretty standard limit to have for a bridge (switchport
port-security maximum on Cisco, set interface X mac-limit on
Juniper). And it's not something easy to do with ebtables.
-- 
Use the good features of a language; avoid the bad ones.
            - The Elements of Programming Style (Kernighan & Plauger)