From: Jamal Hadi <hadi@shell.cyberus.ca>
To: "David S. Miller" <davem@redhat.com>
Cc: sim@netnation.com, netdev@oss.sgi.com, linux-net@vger.kernel.org
Subject: Re: Route cache performance under stress
Date: Wed, 21 May 2003 09:03:19 -0400 (EDT) [thread overview]
Message-ID: <20030521084023.Y43543@shell.cyberus.ca> (raw)
In-Reply-To: <20030520.173607.88482742.davem@redhat.com>
On Tue, 20 May 2003, David S. Miller wrote:
> From: Jamal Hadi <hadi@shell.cyberus.ca>
> Date: Tue, 20 May 2003 08:04:00 -0400 (EDT)
>
> Note: It may make sense that we have options to totaly remove
> the cache lookups if necessary - noone has proved a need for it at
> this point.
>
> There is a need, thinking otherwise is quite a narrow viewpoint :-)
> Let me explain.
>
> Forward looking, Alexey and myself plan to extend the per-cpu flow
> cache we designed for IPSEC policy lookups to apply to routing
> and socket lookup. There are two reasons to make this:
>
> 1) Per-cpu'ness.
IPIs to synchronize?
> 2) Input route lookup turns into a "flow" lookup and thus may
> give you a TCP socket, for example. It is the most exciting
> part of this work.
>
For packets that are being forwarded or even host bound, why start at
routing? This should be done much further below. Not sure how to deal
with packets originating from the host.
For example i moved the ingress qdisc to way down before IP is hit
(I can post the patch) and it works quiet well at the moment only with
the u32 classifier (you could use the route classifier for ip packets).
I have a packet editor action so i can do some form of ARP/MAC address
aliasing ;->
This also gives you opportunity to drop early. A flow index could be
created there that could be used to index into the route table for
example. Maybe routing by fwmark would then make sense.
> It can even be applied to netfilter entries. It really is the
> grand unified theory of flow handling :-) You can look to
> net/core/flow.c, it is the initial prototype and it is working
> and being used already for IPSEC policies. There are only minor
> adjustments necessary before we can begin trying to apply it to
> other things, but Alexey and myself know how to make them.
>
I did look at the code initially when it showed up. It does look sane.
Infact i raised the issue about the same time whether pushing and popping
these structures was the best way to go. Another approach would
be to use a "hub and spoke" dispatch based scheme which i use in the
effort to get better traffic control actions. Also the structure itself
had the grandiose view that routing is the mother of them all
i.e you "fit everything around routing" not "fit routing around other
things". Note: routing aint the only sexy thing these days, so unified
theory based on one sexy thing may be unfair to other sexy things;->
> So the real argument: Eliminating sourced based keying of input
> routes is a flawed idea. Firstly, independant of POLICY based routing
> (which is what it was originally made for) being able to block by
> source address on input is a useful feature. Secondly, if one must
> make "fib_validate_source()" on each input packet, it destroys all
> the posibility to make per-cpu flow caching a reality. This is
> because fib_validate_source() must walk the inetdev list and thus
> grab a shared SMP lock.
>
I think the flowi must be captured way before IP is hit and reused
by IP and other sublayers. policy routing dropping or attempts to
fib_validate_source() the packets should utilize that scheme (i.e install
filters below ip) and tag(fwmark) or drop them on the floor before they
hit IP.
> Note that any attempt to remove source based keying of routing cache
> entries on input (or eliminating the cache entirely) has this problem.
>
nod.
> It also becomes quite cumbersome to move all of this logic over to
> ip_input() or similar. And because it will always use a shared SMP
> lock it is guarenteed to be slower than the cache especially for
> well-behaved flows. So keep in mind that not all traffic is DoS :-)
>
true. I think post 2.6 we should just rip apart the infrastructure
and rethink things ;-> (should i go into hiding now?;->)
> (As a side note, and interesting area of discourse would be to see
> if DoS traffic can be somehow patternized, either explicitly in
> the kernel or via descriptions from the user. People do this today
> via netfilter, but I feel we might be able to do something more
> powerful at the flow caching level, ie. do not build cache entries
> for things looking like unary-packet DoS flow)
>
Should be pretty easy to do with a filter framework at the lower
layers such as the one i did with ingress qdisc.
> None of this means that slowpath should not be improved if necessary.
> On the contrary, I would welcome good kernel profiling output from
> someone such as sim@netnation during such stress tests.
>
nod.
cheers,
jamal
next prev parent reply other threads:[~2003-05-21 13:03 UTC|newest]
Thread overview: 217+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87d6iit4g7.fsf@deneb.enyo.de>
[not found] ` <20030517.150933.74723581.davem@redhat.com>
[not found] ` <87iss87gqd.fsf@deneb.enyo.de>
2003-05-18 9:31 ` Route cache performance under stress David S. Miller
2003-05-19 17:36 ` Jamal Hadi
2003-05-19 19:18 ` Ralph Doncaster
2003-05-19 22:37 ` Jamal Hadi
2003-05-20 1:10 ` Simon Kirby
2003-05-20 1:14 ` David S. Miller
2003-05-20 1:23 ` Jamal Hadi
2003-05-20 1:24 ` David S. Miller
2003-05-20 2:13 ` Jamal Hadi
2003-05-20 5:01 ` Pekka Savola
2003-05-20 11:47 ` Jamal Hadi
2003-05-20 11:55 ` Pekka Savola
2003-05-20 6:46 ` David S. Miller
2003-05-20 12:04 ` Jamal Hadi
2003-05-21 0:36 ` David S. Miller
2003-05-21 13:03 ` Jamal Hadi [this message]
2003-05-23 5:42 ` David S. Miller
2003-05-22 8:40 ` Simon Kirby
2003-05-22 8:58 ` David S. Miller
2003-05-22 10:40 ` David S. Miller
2003-05-22 11:15 ` Martin Josefsson
2003-05-23 1:00 ` David S. Miller
2003-05-23 1:01 ` David S. Miller
2003-05-23 8:21 ` Andi Kleen
2003-05-23 8:22 ` David S. Miller
2003-05-23 9:03 ` Andi Kleen
2003-05-23 9:59 ` David S. Miller
2003-05-24 0:41 ` Andrew Morton
2003-05-26 2:29 ` David S. Miller
2003-05-22 11:44 ` Simon Kirby
2003-05-22 13:03 ` Martin Josefsson
2003-05-23 0:55 ` David S. Miller
2003-05-22 22:33 ` David S. Miller
2003-05-29 20:51 ` Simon Kirby
2003-06-02 10:58 ` Robert Olsson
2003-06-02 15:18 ` Simon Kirby
2003-06-02 16:36 ` Robert Olsson
2003-06-02 18:05 ` Simon Kirby
2003-06-09 17:21 ` David S. Miller
2003-06-09 17:19 ` David S. Miller
2003-05-23 0:59 ` David S. Miller
2003-05-26 7:18 ` Florian Weimer
2003-05-26 7:29 ` David S. Miller
2003-05-26 9:34 ` Florian Weimer
2003-05-27 6:32 ` David S. Miller
2003-06-08 11:39 ` Florian Weimer
2003-06-08 12:05 ` David S. Miller
2003-06-08 13:10 ` Florian Weimer
2003-06-08 23:49 ` Simon Kirby
2003-06-08 23:55 ` CIT/Paul
2003-06-09 3:15 ` Jamal Hadi
2003-06-09 5:27 ` CIT/Paul
2003-06-09 5:58 ` David S. Miller
2003-06-09 6:28 ` CIT/Paul
2003-06-09 6:28 ` David S. Miller
2003-06-09 16:23 ` Stephen Hemminger
2003-06-09 16:37 ` David S. Miller
2003-06-09 7:13 ` Simon Kirby
2003-06-09 8:10 ` CIT/Paul
2003-06-09 8:27 ` Simon Kirby
2003-06-09 19:38 ` CIT/Paul
2003-06-09 21:30 ` David S. Miller
2003-06-09 22:19 ` Simon Kirby
2003-06-09 22:54 ` Robert Olsson
2003-06-13 6:21 ` David S. Miller
2003-06-13 10:40 ` Robert Olsson
2003-06-15 6:36 ` David S. Miller
2003-06-17 17:03 ` Robert Olsson
2003-06-09 22:56 ` CIT/Paul
2003-06-09 23:05 ` David S. Miller
2003-06-10 13:41 ` Robert Olsson
2003-06-10 0:03 ` Jamal Hadi
2003-06-10 0:32 ` Ralph Doncaster
2003-06-10 1:15 ` Jamal Hadi
2003-06-10 2:45 ` Ralph Doncaster
2003-06-10 3:23 ` Ben Greear
2003-06-10 3:41 ` Ralph Doncaster
2003-06-10 18:10 ` Ralph Doncaster
2003-06-10 18:21 ` Ben Greear
2003-06-10 4:34 ` Simon Kirby
2003-06-10 11:01 ` Jamal Hadi
2003-06-10 11:28 ` Jamal Hadi
2003-06-10 13:18 ` Ralph Doncaster
2003-06-10 16:10 ` David S. Miller
2003-06-10 10:53 ` Jamal Hadi
2003-06-10 11:41 ` chas williams
2003-06-10 16:27 ` David S. Miller
2003-06-10 16:57 ` chas williams
2003-06-10 11:41 ` Pekka Savola
2003-06-10 11:58 ` John S. Denker
2003-06-10 12:12 ` Jamal Hadi
2003-06-10 16:33 ` David S. Miller
2003-06-10 12:07 ` Jamal Hadi
2003-06-10 15:29 ` Ralph Doncaster
2003-06-11 19:48 ` Florian Weimer
2003-06-11 19:40 ` CIT/Paul
2003-06-11 21:09 ` Florian Weimer
2003-06-10 13:10 ` Ralph Doncaster
2003-06-10 13:36 ` Jamal Hadi
2003-06-10 14:03 ` Ralph Doncaster
2003-06-10 16:38 ` David S. Miller
2003-06-10 16:39 ` David S. Miller
2003-06-10 18:41 ` Florian Weimer
2003-06-11 11:47 ` Was (Re: " Jamal Hadi
2003-06-11 18:41 ` Real World Routers 8-) Florian Weimer
2003-06-10 15:53 ` Route cache performance under stress David S. Miller
2003-06-10 16:15 ` 3c59x (was Route cache performance under stress) Bogdan Costescu
2003-06-10 16:20 ` Andi Kleen
2003-06-10 16:23 ` Jeff Garzik
2003-06-10 17:02 ` 3c59x David S. Miller
2003-06-10 17:16 ` 3c59x Jeff Garzik
2003-06-10 17:14 ` 3c59x David S. Miller
2003-06-10 17:25 ` 3c59x Jeff Garzik
2003-06-10 17:30 ` 3c59x David S. Miller
2003-06-10 19:20 ` 3c59x Jeff Garzik
2003-06-10 19:21 ` 3c59x David S. Miller
2003-06-10 17:18 ` 3c59x Andi Kleen
2003-06-10 17:29 ` 3c59x chas williams
2003-06-10 17:31 ` 3c59x David S. Miller
2003-06-10 17:39 ` 3c59x chas williams
2003-06-10 17:43 ` 3c59x David S. Miller
2003-06-11 17:52 ` Route cache performance under stress Robert Olsson
2003-06-10 1:53 ` Simon Kirby
2003-06-10 3:18 ` Ralph Doncaster
2003-06-10 16:06 ` David S. Miller
2003-06-10 15:56 ` David S. Miller
2003-06-10 16:45 ` 3c59x (was Route cache performance under stress) Bogdan Costescu
2003-06-10 16:49 ` Andi Kleen
2003-06-11 9:54 ` Robert Olsson
2003-06-11 10:05 ` Andi Kleen
2003-06-11 10:38 ` Robert Olsson
2003-06-11 12:08 ` Jamal Hadi
2003-06-10 17:12 ` 3c59x David S. Miller
2003-06-10 17:19 ` Route cache performance under stress Ralph Doncaster
2003-06-10 15:49 ` David S. Miller
2003-06-10 17:33 ` Ralph Doncaster
2003-06-10 17:32 ` David S. Miller
2003-06-10 18:34 ` Robert Olsson
2003-06-10 18:57 ` David S. Miller
2003-06-10 19:53 ` Robert Olsson
2003-06-10 21:36 ` CIT/Paul
2003-06-10 21:39 ` Ralph Doncaster
2003-06-10 22:20 ` David S. Miller
2003-06-10 23:58 ` Ralph Doncaster
2003-06-10 23:57 ` David S. Miller
2003-06-11 0:41 ` Ralph Doncaster
2003-06-11 0:58 ` David S. Miller
2003-06-11 0:58 ` David S. Miller
2003-06-11 0:51 ` Ben Greear
2003-06-11 1:01 ` David S. Miller
2003-06-11 1:15 ` Ben Greear
2003-06-11 1:22 ` David S. Miller
2003-06-11 1:51 ` Ben Greear
2003-06-11 3:33 ` David S. Miller
2003-06-11 11:54 ` gettime: Was (Re: " Jamal Hadi
2003-06-11 12:08 ` Andi Kleen
2003-06-12 3:30 ` David S. Miller
2003-06-12 6:32 ` Ben Greear
2003-06-12 8:46 ` David S. Miller
2003-06-11 15:57 ` Ben Greear
2003-06-12 3:29 ` David S. Miller
2003-06-11 1:17 ` Ralph Doncaster
2003-06-11 1:23 ` David S. Miller
2003-06-11 7:28 ` Andi Kleen
2003-06-11 7:25 ` Andi Kleen
2003-06-11 17:40 ` Robert Olsson
2003-06-13 5:38 ` David S. Miller
2003-06-13 10:22 ` Robert Olsson
2003-06-13 17:15 ` Robert Olsson
2003-06-12 6:45 ` David S. Miller
2003-06-12 13:56 ` Robert Olsson
2003-06-12 21:35 ` David S. Miller
2003-06-13 10:50 ` Robert Olsson
2003-06-10 0:56 ` Ralph Doncaster
2003-06-09 11:38 ` Jamal Hadi
2003-06-09 11:55 ` David S. Miller
2003-06-09 12:18 ` Jamal Hadi
2003-06-09 12:32 ` David S. Miller
2003-06-09 13:22 ` Jamal Hadi
2003-06-09 13:22 ` David S. Miller
2003-06-09 8:56 ` David S. Miller
2003-06-09 22:39 ` Robert Olsson
2003-06-09 6:25 ` David S. Miller
2003-06-09 6:59 ` Simon Kirby
2003-06-09 7:03 ` David S. Miller
2003-06-09 13:04 ` Ralph Doncaster
2003-06-09 13:26 ` Jamal Hadi
2003-06-09 5:44 ` David S. Miller
2003-06-09 5:51 ` CIT/Paul
2003-06-09 6:03 ` David S. Miller
2003-06-09 6:52 ` Simon Kirby
2003-06-09 6:56 ` David S. Miller
2003-06-09 7:36 ` Simon Kirby
2003-06-09 8:18 ` Simon Kirby
2003-06-09 8:22 ` David S. Miller
2003-06-09 8:31 ` Simon Kirby
2003-06-09 9:01 ` David S. Miller
2003-06-09 9:47 ` Andi Kleen
2003-06-09 10:03 ` David S. Miller
2003-06-09 10:13 ` Andi Kleen
2003-06-09 10:13 ` David S. Miller
2003-06-09 10:40 ` YOSHIFUJI Hideaki / 吉藤英明
2003-06-09 10:40 ` David S. Miller
2003-06-09 14:14 ` David S. Miller
2003-06-09 6:47 ` Simon Kirby
2003-06-09 6:49 ` David S. Miller
2003-06-09 13:28 ` Ralph Doncaster
2003-06-09 16:30 ` Simon Kirby
2003-06-17 20:58 ` Florian Weimer
2003-06-09 5:38 ` David S. Miller
2003-06-10 3:05 ` Steven Blake
2003-06-12 6:31 ` David S. Miller
2003-06-08 17:58 ` Pekka Savola
2003-05-21 0:09 ` Simon Kirby
2003-05-21 0:13 ` David S. Miller
2003-05-26 9:29 ` Florian Weimer
[not found] <8765pshpd4.fsf@deneb.enyo.de>
2003-04-05 18:17 ` Martin Josefsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030521084023.Y43543@shell.cyberus.ca \
--to=hadi@shell.cyberus.ca \
--cc=davem@redhat.com \
--cc=linux-net@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=sim@netnation.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).