From: Simon Kirby <sim@netnation.com>
To: CIT/Paul <xerox@foonet.net>
Cc: "'Florian Weimer'" <fw@deneb.enyo.de>,
netdev@oss.sgi.com, linux-net@vger.kernel.org
Subject: Re: Route cache performance under stress
Date: Sun, 8 Jun 2003 23:47:19 -0700 [thread overview]
Message-ID: <20030609064719.GA20613@netnation.com> (raw)
In-Reply-To: <001001c32e19$81bc7ea0$4a00000a@badass>
On Sun, Jun 08, 2003 at 07:55:58PM -0400, CIT/Paul wrote:
> A denial of service attack going on, OR you just have millions of hosts
> going through the router (if you were an ISP). Anything with seeminly
> Random source ips (something like juno-z.101f.c will generate worst case
> scenario for forwarding packets) will cause the cache to constantly
> Add new entries at pretty much the rate of the attack.. This can stifle
> just about any linux router with a measly 10 megabits/second of traffic
> unless
> The router is tuned up to a large degree (NAPI, certain nics, route
> cache timings, etc.) and even then it can still be destroyed no matter
> what
> The cpu is with less than 100,000 packets per second and in mosts cases
> less than 30k.. That's why it's just no acceptable for companies using
> it as a replacement for say a cisco 7200 VXR series (npe300,400 nsf-1,
> etc.) which can do 300K+ packet per second of routing (and yes it can
> even route juno-z.101f.c at 300kpps, I have tested it). Linux has no
> problem doing 300kpps from a single source to a single destination
> provided you have NAPI or ITR or something limiting the interrupts.. The
> overhead is the route cache and the related systems that use it and also
> netfilter is very slow :/ One of these days they will fix it..... If
Whoa, wait a second.
You got a 7200 VXR to do 300kpps? I would have liked to see that.
We couldn't get our 7206 VXR routers to do anything more than about 12
Mbit/second of small packets, which I believe is about 40,000 packets
per second. This is with CEF disabled, because it ended up duplicating
packets and doing some other strange things with CEF enabled.
Also, I remember trying with a bucketload of netfilter rules and finding
that the performance difference was hardly noticeable.
Linux can route small packets with random src/dst at much faster than 10
Mbit/sec. It depeends on the hardware as you say, but it shouldn't ever
be that slow on reasonable hardware.
I remember back even in 1998 with the 2.0 kernel (before the route cache
existed) on a Celeron 300A with eepro100 cards (eepro100 driver, no
interrupt coalescing, definitely no NAPI) was cable of routing at least
20 Mbit/second of SYN packets from random sources. In fact, I remember
it happily choking some old 3Com switches we had at the time.
I recently saw 90 Mbit/second of additional traffic (small packets with
random sources) going through our routers (now single Athlon 1800MP (MP
for APIC), tg3, NAPI, BGP routing tables), and they didn't seem to care.
It's definitely not yet perfect, but it's not bad. The hashing fixes for
large routing tables which Dave M. recently posted has made the situation
much better -- it was very broken before. What did your routing table
look like when you were doing tests?
I have fiddled with the route cache garbage collection parameters a bit,
but I haven't really been able to reduce the CPU usage by much at all.
Really, though, shouldn't the route cache overhead be fairly small in
comparison to everything else involved in forwarding?
Simon-
next prev parent reply other threads:[~2003-06-09 6:47 UTC|newest]
Thread overview: 217+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87d6iit4g7.fsf@deneb.enyo.de>
[not found] ` <20030517.150933.74723581.davem@redhat.com>
[not found] ` <87iss87gqd.fsf@deneb.enyo.de>
2003-05-18 9:31 ` Route cache performance under stress David S. Miller
2003-05-19 17:36 ` Jamal Hadi
2003-05-19 19:18 ` Ralph Doncaster
2003-05-19 22:37 ` Jamal Hadi
2003-05-20 1:10 ` Simon Kirby
2003-05-20 1:14 ` David S. Miller
2003-05-20 1:23 ` Jamal Hadi
2003-05-20 1:24 ` David S. Miller
2003-05-20 2:13 ` Jamal Hadi
2003-05-20 5:01 ` Pekka Savola
2003-05-20 11:47 ` Jamal Hadi
2003-05-20 11:55 ` Pekka Savola
2003-05-20 6:46 ` David S. Miller
2003-05-20 12:04 ` Jamal Hadi
2003-05-21 0:36 ` David S. Miller
2003-05-21 13:03 ` Jamal Hadi
2003-05-23 5:42 ` David S. Miller
2003-05-22 8:40 ` Simon Kirby
2003-05-22 8:58 ` David S. Miller
2003-05-22 10:40 ` David S. Miller
2003-05-22 11:15 ` Martin Josefsson
2003-05-23 1:00 ` David S. Miller
2003-05-23 1:01 ` David S. Miller
2003-05-23 8:21 ` Andi Kleen
2003-05-23 8:22 ` David S. Miller
2003-05-23 9:03 ` Andi Kleen
2003-05-23 9:59 ` David S. Miller
2003-05-24 0:41 ` Andrew Morton
2003-05-26 2:29 ` David S. Miller
2003-05-22 11:44 ` Simon Kirby
2003-05-22 13:03 ` Martin Josefsson
2003-05-23 0:55 ` David S. Miller
2003-05-22 22:33 ` David S. Miller
2003-05-29 20:51 ` Simon Kirby
2003-06-02 10:58 ` Robert Olsson
2003-06-02 15:18 ` Simon Kirby
2003-06-02 16:36 ` Robert Olsson
2003-06-02 18:05 ` Simon Kirby
2003-06-09 17:21 ` David S. Miller
2003-06-09 17:19 ` David S. Miller
2003-05-23 0:59 ` David S. Miller
2003-05-26 7:18 ` Florian Weimer
2003-05-26 7:29 ` David S. Miller
2003-05-26 9:34 ` Florian Weimer
2003-05-27 6:32 ` David S. Miller
2003-06-08 11:39 ` Florian Weimer
2003-06-08 12:05 ` David S. Miller
2003-06-08 13:10 ` Florian Weimer
2003-06-08 23:49 ` Simon Kirby
2003-06-08 23:55 ` CIT/Paul
2003-06-09 3:15 ` Jamal Hadi
2003-06-09 5:27 ` CIT/Paul
2003-06-09 5:58 ` David S. Miller
2003-06-09 6:28 ` CIT/Paul
2003-06-09 6:28 ` David S. Miller
2003-06-09 16:23 ` Stephen Hemminger
2003-06-09 16:37 ` David S. Miller
2003-06-09 7:13 ` Simon Kirby
2003-06-09 8:10 ` CIT/Paul
2003-06-09 8:27 ` Simon Kirby
2003-06-09 19:38 ` CIT/Paul
2003-06-09 21:30 ` David S. Miller
2003-06-09 22:19 ` Simon Kirby
2003-06-09 22:54 ` Robert Olsson
2003-06-13 6:21 ` David S. Miller
2003-06-13 10:40 ` Robert Olsson
2003-06-15 6:36 ` David S. Miller
2003-06-17 17:03 ` Robert Olsson
2003-06-09 22:56 ` CIT/Paul
2003-06-09 23:05 ` David S. Miller
2003-06-10 13:41 ` Robert Olsson
2003-06-10 0:03 ` Jamal Hadi
2003-06-10 0:32 ` Ralph Doncaster
2003-06-10 1:15 ` Jamal Hadi
2003-06-10 2:45 ` Ralph Doncaster
2003-06-10 3:23 ` Ben Greear
2003-06-10 3:41 ` Ralph Doncaster
2003-06-10 18:10 ` Ralph Doncaster
2003-06-10 18:21 ` Ben Greear
2003-06-10 4:34 ` Simon Kirby
2003-06-10 11:01 ` Jamal Hadi
2003-06-10 11:28 ` Jamal Hadi
2003-06-10 13:18 ` Ralph Doncaster
2003-06-10 16:10 ` David S. Miller
2003-06-10 10:53 ` Jamal Hadi
2003-06-10 11:41 ` chas williams
2003-06-10 16:27 ` David S. Miller
2003-06-10 16:57 ` chas williams
2003-06-10 11:41 ` Pekka Savola
2003-06-10 11:58 ` John S. Denker
2003-06-10 12:12 ` Jamal Hadi
2003-06-10 16:33 ` David S. Miller
2003-06-10 12:07 ` Jamal Hadi
2003-06-10 15:29 ` Ralph Doncaster
2003-06-11 19:48 ` Florian Weimer
2003-06-11 19:40 ` CIT/Paul
2003-06-11 21:09 ` Florian Weimer
2003-06-10 13:10 ` Ralph Doncaster
2003-06-10 13:36 ` Jamal Hadi
2003-06-10 14:03 ` Ralph Doncaster
2003-06-10 16:38 ` David S. Miller
2003-06-10 16:39 ` David S. Miller
2003-06-10 18:41 ` Florian Weimer
2003-06-11 11:47 ` Was (Re: " Jamal Hadi
2003-06-11 18:41 ` Real World Routers 8-) Florian Weimer
2003-06-10 15:53 ` Route cache performance under stress David S. Miller
2003-06-10 16:15 ` 3c59x (was Route cache performance under stress) Bogdan Costescu
2003-06-10 16:20 ` Andi Kleen
2003-06-10 16:23 ` Jeff Garzik
2003-06-10 17:02 ` 3c59x David S. Miller
2003-06-10 17:16 ` 3c59x Jeff Garzik
2003-06-10 17:14 ` 3c59x David S. Miller
2003-06-10 17:25 ` 3c59x Jeff Garzik
2003-06-10 17:30 ` 3c59x David S. Miller
2003-06-10 19:20 ` 3c59x Jeff Garzik
2003-06-10 19:21 ` 3c59x David S. Miller
2003-06-10 17:18 ` 3c59x Andi Kleen
2003-06-10 17:29 ` 3c59x chas williams
2003-06-10 17:31 ` 3c59x David S. Miller
2003-06-10 17:39 ` 3c59x chas williams
2003-06-10 17:43 ` 3c59x David S. Miller
2003-06-11 17:52 ` Route cache performance under stress Robert Olsson
2003-06-10 1:53 ` Simon Kirby
2003-06-10 3:18 ` Ralph Doncaster
2003-06-10 16:06 ` David S. Miller
2003-06-10 15:56 ` David S. Miller
2003-06-10 16:45 ` 3c59x (was Route cache performance under stress) Bogdan Costescu
2003-06-10 16:49 ` Andi Kleen
2003-06-11 9:54 ` Robert Olsson
2003-06-11 10:05 ` Andi Kleen
2003-06-11 10:38 ` Robert Olsson
2003-06-11 12:08 ` Jamal Hadi
2003-06-10 17:12 ` 3c59x David S. Miller
2003-06-10 17:19 ` Route cache performance under stress Ralph Doncaster
2003-06-10 15:49 ` David S. Miller
2003-06-10 17:33 ` Ralph Doncaster
2003-06-10 17:32 ` David S. Miller
2003-06-10 18:34 ` Robert Olsson
2003-06-10 18:57 ` David S. Miller
2003-06-10 19:53 ` Robert Olsson
2003-06-10 21:36 ` CIT/Paul
2003-06-10 21:39 ` Ralph Doncaster
2003-06-10 22:20 ` David S. Miller
2003-06-10 23:58 ` Ralph Doncaster
2003-06-10 23:57 ` David S. Miller
2003-06-11 0:41 ` Ralph Doncaster
2003-06-11 0:58 ` David S. Miller
2003-06-11 0:58 ` David S. Miller
2003-06-11 0:51 ` Ben Greear
2003-06-11 1:01 ` David S. Miller
2003-06-11 1:15 ` Ben Greear
2003-06-11 1:22 ` David S. Miller
2003-06-11 1:51 ` Ben Greear
2003-06-11 3:33 ` David S. Miller
2003-06-11 11:54 ` gettime: Was (Re: " Jamal Hadi
2003-06-11 12:08 ` Andi Kleen
2003-06-12 3:30 ` David S. Miller
2003-06-12 6:32 ` Ben Greear
2003-06-12 8:46 ` David S. Miller
2003-06-11 15:57 ` Ben Greear
2003-06-12 3:29 ` David S. Miller
2003-06-11 1:17 ` Ralph Doncaster
2003-06-11 1:23 ` David S. Miller
2003-06-11 7:28 ` Andi Kleen
2003-06-11 7:25 ` Andi Kleen
2003-06-11 17:40 ` Robert Olsson
2003-06-13 5:38 ` David S. Miller
2003-06-13 10:22 ` Robert Olsson
2003-06-13 17:15 ` Robert Olsson
2003-06-12 6:45 ` David S. Miller
2003-06-12 13:56 ` Robert Olsson
2003-06-12 21:35 ` David S. Miller
2003-06-13 10:50 ` Robert Olsson
2003-06-10 0:56 ` Ralph Doncaster
2003-06-09 11:38 ` Jamal Hadi
2003-06-09 11:55 ` David S. Miller
2003-06-09 12:18 ` Jamal Hadi
2003-06-09 12:32 ` David S. Miller
2003-06-09 13:22 ` Jamal Hadi
2003-06-09 13:22 ` David S. Miller
2003-06-09 8:56 ` David S. Miller
2003-06-09 22:39 ` Robert Olsson
2003-06-09 6:25 ` David S. Miller
2003-06-09 6:59 ` Simon Kirby
2003-06-09 7:03 ` David S. Miller
2003-06-09 13:04 ` Ralph Doncaster
2003-06-09 13:26 ` Jamal Hadi
2003-06-09 5:44 ` David S. Miller
2003-06-09 5:51 ` CIT/Paul
2003-06-09 6:03 ` David S. Miller
2003-06-09 6:52 ` Simon Kirby
2003-06-09 6:56 ` David S. Miller
2003-06-09 7:36 ` Simon Kirby
2003-06-09 8:18 ` Simon Kirby
2003-06-09 8:22 ` David S. Miller
2003-06-09 8:31 ` Simon Kirby
2003-06-09 9:01 ` David S. Miller
2003-06-09 9:47 ` Andi Kleen
2003-06-09 10:03 ` David S. Miller
2003-06-09 10:13 ` Andi Kleen
2003-06-09 10:13 ` David S. Miller
2003-06-09 10:40 ` YOSHIFUJI Hideaki / 吉藤英明
2003-06-09 10:40 ` David S. Miller
2003-06-09 14:14 ` David S. Miller
2003-06-09 6:47 ` Simon Kirby [this message]
2003-06-09 6:49 ` David S. Miller
2003-06-09 13:28 ` Ralph Doncaster
2003-06-09 16:30 ` Simon Kirby
2003-06-17 20:58 ` Florian Weimer
2003-06-09 5:38 ` David S. Miller
2003-06-10 3:05 ` Steven Blake
2003-06-12 6:31 ` David S. Miller
2003-06-08 17:58 ` Pekka Savola
2003-05-21 0:09 ` Simon Kirby
2003-05-21 0:13 ` David S. Miller
2003-05-26 9:29 ` Florian Weimer
[not found] <8765pshpd4.fsf@deneb.enyo.de>
2003-04-05 18:17 ` Martin Josefsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030609064719.GA20613@netnation.com \
--to=sim@netnation.com \
--cc=fw@deneb.enyo.de \
--cc=linux-net@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=xerox@foonet.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).