From: Jesper Dangaard Brouer <brouer@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: eric.dumazet@gmail.com, fw@strlen.de, netdev@vger.kernel.org,
pablo@netfilter.org, tgraf@suug.ch, amwang@redhat.com,
kaber@trash.net, paulmck@linux.vnet.ibm.com,
herbert@gondor.hengli.com.au,
David Laight <David.Laight@ACULAB.COM>
Subject: Re: [net-next PATCH V2 1/9] net: frag evictor, avoid killing warm frag queues
Date: Fri, 30 Nov 2012 13:01:31 +0100 [thread overview]
Message-ID: <1354276891.11754.424.camel@localhost> (raw)
In-Reply-To: <1354227470.11754.348.camel@localhost>
On Thu, 2012-11-29 at 23:17 +0100, Jesper Dangaard Brouer wrote:
> On Thu, 2012-11-29 at 12:44 -0500, David Miller wrote:
> >
> > The only way I could see this making sense is if some "probability
> > of fulfillment" was taken into account.
[...]
> This patch/system actually includes a "promise/probability of
> fulfillment". Let me explain.
>
> We allow "warn" entries to complete, by allowing (new) fragments/packets
> for these entries (present in the frag queue). While we don't allow the
> system to create new entries. This creates the selection we interested
> in (as we must drop some packets given the arrival rate bigger than the
> processing rate).
To help reviewers understand; the implications of allowing existing frag
queue to complete/finish.
Let me explain the memory implications:
Remember we only allow (default) 256K mem to be used, (now) per CPU for
fragments (raw memory usage skb->truesize).
Hint: I violate this!!! -- the embedded lynch mob is gathering support
As the existing entries in the frag queues, are still being allowed
packets through (even when the memory limit is exceeded). In
worst-case, as DaveM explained, this can be as much as 100KBytes per
entry (for 64K fragments).
The highest number of frag queue hash entries, I have seen is 308, at
4x10G with two fragments size 2944. (This is of-cause unrealistic to get
this high with 64K frames, due to bw link limit, I would approximate is
max at 77 entries at 4x10G).
Now I'm teasing the embedded lynch mob.
Worst case memory usage:
308 * 100KBytes = 30.8 MBytes (not per CPU, total)
Now the embedded lynch mob is banging at my door, yelling that I'm
opening a remote OOM DoS attack on their small memory boxes.
I'll calm them down, by explaining why we cannot reach this number.
The "warm" fragment code is making sure, this does not get out of hand.
An entry is considered "warn" for only one jiffie (1 HZ), which on
1000HZ systems is 1 ms (and 100HZ = 10 ms). (after-which the fragment
queue is freed)
How much data can we send in 1 ms at 10000 Mbit/s:
10000 Mbit/s div 8bit-per-bytes * 0.001 sec = 1.25 MBytes
And having 4x10G can result in 5 MBytes (and the raw mem usage
skb->truesize is going to get it a bit higher).
Now, the embedded lynch mob is trying find a 4x 10Gbit/s embedded system
with less than 10MBytes of memory... they give up and go home.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Sr. Network Kernel Developer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2012-11-30 12:03 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-29 16:10 [net-next PATCH V2 0/9] net: fragmentation performance scalability on NUMA/SMP systems Jesper Dangaard Brouer
2012-11-29 16:11 ` [net-next PATCH V2 1/9] net: frag evictor, avoid killing warm frag queues Jesper Dangaard Brouer
2012-11-29 17:44 ` David Miller
2012-11-29 22:17 ` Jesper Dangaard Brouer
2012-11-29 23:01 ` Eric Dumazet
2012-11-30 10:04 ` Jesper Dangaard Brouer
2012-11-30 14:52 ` Eric Dumazet
2012-11-30 15:45 ` Jesper Dangaard Brouer
2012-11-30 16:37 ` Eric Dumazet
2012-11-30 21:37 ` Jesper Dangaard Brouer
2012-11-30 22:25 ` Eric Dumazet
2012-11-30 23:23 ` Jesper Dangaard Brouer
2012-11-30 23:47 ` Stephen Hemminger
2012-12-01 0:03 ` Eric Dumazet
2012-12-01 0:13 ` Stephen Hemminger
2012-11-30 23:58 ` Eric Dumazet
2012-12-04 13:30 ` [net-next PATCH V3-evictor] " Jesper Dangaard Brouer
2012-12-04 14:32 ` [net-next PATCH V3-evictor] net: frag evictor,avoid " David Laight
2012-12-04 14:47 ` [net-next PATCH V3-evictor] net: frag evictor, avoid " Eric Dumazet
2012-12-04 17:51 ` Jesper Dangaard Brouer
2012-12-05 9:24 ` Jesper Dangaard Brouer
2012-12-06 12:26 ` Jesper Dangaard Brouer
2012-12-06 12:32 ` Florian Westphal
2012-12-06 13:29 ` David Laight
2012-12-06 21:38 ` David Miller
2012-12-06 13:55 ` Jesper Dangaard Brouer
2012-12-06 14:47 ` Eric Dumazet
2012-12-06 15:23 ` Jesper Dangaard Brouer
2012-11-29 23:32 ` [net-next PATCH V2 1/9] " Eric Dumazet
2012-11-30 12:01 ` Jesper Dangaard Brouer [this message]
2012-11-30 14:57 ` Eric Dumazet
2012-11-29 16:11 ` [net-next PATCH V2 2/9] net: frag cache line adjust inet_frag_queue.net Jesper Dangaard Brouer
2012-11-29 16:12 ` [net-next PATCH V2 3/9] net: frag, move LRU list maintenance outside of rwlock Jesper Dangaard Brouer
2012-11-29 17:43 ` Eric Dumazet
2012-11-29 17:48 ` David Miller
2012-11-29 17:54 ` Eric Dumazet
2012-11-29 18:05 ` David Miller
2012-11-29 18:24 ` Eric Dumazet
2012-11-29 18:31 ` David Miller
2012-11-29 18:33 ` Eric Dumazet
2012-11-29 18:36 ` David Miller
2012-11-29 22:33 ` Jesper Dangaard Brouer
2012-11-29 16:12 ` [net-next PATCH V2 4/9] net: frag helper functions for mem limit tracking Jesper Dangaard Brouer
2012-11-29 16:13 ` [net-next PATCH V2 5/9] net: frag, per CPU resource, mem limit and LRU list accounting Jesper Dangaard Brouer
2012-11-29 17:06 ` Eric Dumazet
2012-11-29 17:31 ` David Miller
2012-12-03 14:02 ` Jesper Dangaard Brouer
2012-12-03 17:25 ` David Miller
2012-11-29 16:14 ` [net-next PATCH V2 6/9] net: frag, implement dynamic percpu alloc of frag_cpu_limit Jesper Dangaard Brouer
2012-11-29 16:15 ` [net-next PATCH V2 7/9] net: frag, move nqueues counter under LRU lock protection Jesper Dangaard Brouer
2012-11-29 16:15 ` [net-next PATCH V2 8/9] net: frag queue locking per hash bucket Jesper Dangaard Brouer
2012-11-29 17:08 ` Eric Dumazet
2012-11-30 12:55 ` Jesper Dangaard Brouer
2012-11-29 16:16 ` [net-next PATCH V2 9/9] net: increase frag queue hash size and cache-line Jesper Dangaard Brouer
2012-11-29 16:39 ` [net-next PATCH V2 9/9] net: increase frag queue hash size andcache-line David Laight
2012-11-29 16:55 ` [net-next PATCH V2 9/9] net: increase frag queue hash size and cache-line Eric Dumazet
2012-11-29 20:53 ` Jesper Dangaard Brouer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1354276891.11754.424.camel@localhost \
--to=brouer@redhat.com \
--cc=David.Laight@ACULAB.COM \
--cc=amwang@redhat.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=fw@strlen.de \
--cc=herbert@gondor.hengli.com.au \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).