netdev.vger.kernel.org archive mirror
From: David Miller <davem@davemloft.net>
To: ebiederm@xmission.com
Cc: xiyou.wangcong@gmail.com, netdev@vger.kernel.org,
	kaber@trash.net, stephen@networkplumber.org,
	cwang@twopensource.com, stefan.bader@canonical.com,
	stephane.graber@canonical.com, chris.j.arges@canonical.com,
	serge.hallyn@canonical.com
Subject: Re: [Patch net-next] net: make neigh tables per netns
Date: Thu, 26 Jun 2014 15:44:28 -0700 (PDT)
Message-ID: <20140626.154428.1099304313432511688.davem@davemloft.net>
In-Reply-To: <87egybibh5.fsf@x220.int.ebiederm.org>

From: ebiederm@xmission.com (Eric W. Biederman)
Date: Thu, 26 Jun 2014 14:53:42 -0700

> The highlights of our earlier conversation.

Thanks for the context.

First of all it is clear that once you start creating containers on the
order of half the global neigh limit, yes you will run into problems as
it's easy to have 2 or more outputs in flight.

So it would perhaps be wise to scale the limits (in some way) based
upon the number of namespaces, but still keep it a global limit.

These entries consume a global resource (memory) and benefit from
global sharing, so I am still convinced that making the tables
themselves per-ns does not make any sense.

Secondly, if there are things holding onto neighbour entries for real
we should find this out.  One could audit neigh_lookup*() invocations
to see where that might be happening.  Also neigh_create() calls with
'want_ref' set to true.

Finally, another problem is permanent neigh entries, as those cannot
be reclaimed; that might be part of the main problem here.

One idea wrt. permanent entries is that we could decide that, since
they are administratively added, they don't count against the
thresholds and limits.

Thread overview: 14+ messages
2014-06-23 22:09 [Patch net-next] net: make neigh tables per netns Cong Wang
2014-06-25 23:33 ` David Miller
2014-06-26  0:04 ` Eric W. Biederman
2014-06-26  0:22   ` Cong Wang
2014-06-26  1:17     ` Eric W. Biederman
2014-06-26  6:14       ` Michal Kubecek
2014-06-26 12:10         ` Eric W. Biederman
2014-06-26 20:43       ` David Miller
     [not found]         ` <87egybibh5.fsf@x220.int.ebiederm.org>
2014-06-26 22:44           ` David Miller [this message]
2014-06-28  0:09             ` Cong Wang
2014-06-28  5:12               ` Eric W. Biederman
2014-06-30 18:15                 ` Jesper Dangaard Brouer
2014-06-30 18:54                   ` Hannes Frederic Sowa
2014-11-04 15:49                     ` Stéphane Graber
