From: Glen Turner <glen.turner@aarnet.edu.au>
To: Harald Welte <laforge@gnumonks.org>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@oss.sgi.com
Subject: Re: [PATCH + RFC] neighbour/ARP cache scalability
Date: Fri, 24 Sep 2004 16:44:38 +0930 [thread overview]
Message-ID: <1096010078.4414.91.camel@andromache> (raw)
In-Reply-To: <20040922111447.GP3236@sunbeam.de.gnumonks.org>
On Wed, 2004-09-22 at 20:44, Harald Welte wrote:
> And I still want to address the "all complete entries flushed due to
> lots of bogus incomplete entires" issue somehow. As stated before, I
> have seen this on happen on live systems.
>
> Do you agree that this is an existing problem?
>
> I think just having a certain 'reserve' for complete entries (or a let's
> say 80% limit for incomplete ones) should address this issue.
Or two other ideas:
1)
Recognising that there are two classes of incomplete entries, those that
are recently-issued and those that are very unlikely to complete (as
you've allowed enough time for a handful of serialisation delays,
latencies and answering host turn-around (say 0.7s).
You can pretty safely aggressively flush the "unlikely to complete"
class of incomplete entries. The older the more aggressively.
Completed entries should be flushed before the first of the "recently
issued" incomplete entries, to stop repeated ARPing.
This gets less useful as your address allocation grows and scanning
rates rise, but is much better than the current algorithm or a
straight-forward least-recently-used algorithm.
2)
Record the source interface of the traffic which is causing this ARP.
When flushing the cache, apply a penalty to entries where that entry's
source interfaces has a large numbers of incomplete ARPs.
The effect of this is that scanning from an Internet-facing interface
won't succeed in pushing large numbers of entries generated from
local-to-local (eg, local file, print, intranet) traffic out of the
table.
A combination of (1) and (2) should be pretty solid. If it falls apart
under extreme scanning then hard-coding the ARP info for
externally-facing servers (such as web servers) is needed. Currently
hard-coding all machines would be needed in the extreme scanning case.
Hope this helps,
Glen
--
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Australia's Academic & Research Network www.aarnet.edu.au
next prev parent reply other threads:[~2004-09-24 7:14 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-20 22:51 [PATCH + RFC] neighbour/ARP cache scalability Harald Welte
2004-09-21 6:29 ` David S. Miller
2004-09-21 7:04 ` Andre Tomt
2004-09-21 7:37 ` Robert Olsson
2004-09-21 8:58 ` Andi Kleen
2004-09-21 11:19 ` Pekka Savola
2004-09-21 13:49 ` Harald Welte
2004-09-21 14:10 ` Pekka Savola
2004-09-21 15:14 ` YOSHIFUJI Hideaki / 吉藤英明
2004-09-21 15:36 ` Robert Olsson
2004-09-21 15:59 ` YOSHIFUJI Hideaki / 吉藤英明
2004-09-21 15:58 ` Pekka Savola
2004-09-21 16:04 ` YOSHIFUJI Hideaki / 吉藤英明
2004-09-21 16:39 ` Tim Gardner
2004-09-21 17:31 ` Andi Kleen
2004-09-21 17:58 ` Tim Gardner
2004-09-21 18:15 ` Andi Kleen
2004-09-21 20:34 ` Harald Welte
2004-09-21 20:58 ` Tim Gardner
2004-09-22 1:14 ` Harald Welte
2004-09-22 3:31 ` David S. Miller
2004-09-22 11:14 ` Harald Welte
2004-09-24 5:53 ` David S. Miller
2004-09-24 7:14 ` Glen Turner [this message]
2004-09-24 5:47 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1096010078.4414.91.camel@andromache \
--to=glen.turner@aarnet.edu.au \
--cc=davem@davemloft.net \
--cc=laforge@gnumonks.org \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).