From: David Miller <davem@davemloft.net>
To: gorcunov@gmail.com
Cc: eric.dumazet@gmail.com, netdev@vger.kernel.org,
solar@openwall.com, vvs@virtuozzo.com, avagin@virtuozzo.com,
xemul@virtuozzo.com, vdavydov@virtuozzo.com,
khorenko@virtuozzo.com
Subject: Re: [RFC] net: ipv4 -- Introduce ifa limit per net
Date: Wed, 09 Mar 2016 12:19:28 -0500 (EST) [thread overview]
Message-ID: <20160309.121928.103638956202937455.davem@davemloft.net> (raw)
In-Reply-To: <20160309163919.GJ2207@uranus.lan>
From: Cyrill Gorcunov <gorcunov@gmail.com>
Date: Wed, 9 Mar 2016 19:39:19 +0300
> 9.21% [kernel] [k] nf_ct_iterate_cleanup
...
> Release
> -------
> 24.26% [kernel] [k] _raw_spin_lock
> 17.55% [kernel] [k] preempt_count_add
> 14.81% [kernel] [k] __local_bh_enable_ip
> 14.17% [kernel] [k] preempt_count_sub
> 10.10% [kernel] [k] nf_ct_iterate_cleanup
...
> The main problem still I think is that we allow to request
> as many inet addresses as there is enough free memory and
> of course kernel can't handle all in O(1) time, all resources
> must be released so there always be some lagging moment. Thus
> maybe introducing limits would be a good idea for sysadmins.
Primary problem seems to be netfilter conntrack.
It's at least 10 times more expensive than any of the other
operations and probably is where all of the lock banging is
coming from.
I'm not adding a limit when there is so much low hanging fruit
remaining, no way.
next prev parent reply other threads:[~2016-03-09 17:19 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-04 21:39 [RFC] net: ipv4 -- Introduce ifa limit per net Cyrill Gorcunov
2016-03-04 22:50 ` David Miller
2016-03-05 0:08 ` Eric Dumazet
2016-03-05 4:11 ` David Miller
2016-03-05 7:18 ` Cyrill Gorcunov
2016-03-05 15:57 ` Cyrill Gorcunov
2016-03-05 16:33 ` David Miller
2016-03-05 17:00 ` Cyrill Gorcunov
2016-03-05 18:44 ` Cyrill Gorcunov
2016-03-06 10:09 ` Cyrill Gorcunov
2016-03-06 16:23 ` Eric Dumazet
2016-03-06 17:06 ` Cyrill Gorcunov
2016-03-09 16:39 ` Cyrill Gorcunov
2016-03-09 16:51 ` Cyrill Gorcunov
2016-03-09 16:58 ` Alexei Starovoitov
2016-03-09 17:09 ` Cyrill Gorcunov
2016-03-09 17:24 ` David Miller
2016-03-09 17:53 ` Cyrill Gorcunov
2016-03-09 19:55 ` Cyrill Gorcunov
2016-03-09 20:27 ` David Miller
2016-03-09 20:41 ` Cyrill Gorcunov
2016-03-09 20:47 ` David Miller
2016-03-09 20:57 ` Cyrill Gorcunov
2016-03-09 21:10 ` David Miller
2016-03-09 21:16 ` Cyrill Gorcunov
2016-03-10 10:20 ` Cyrill Gorcunov
2016-03-10 11:03 ` Cyrill Gorcunov
2016-03-10 15:09 ` Cyrill Gorcunov
2016-03-10 18:01 ` David Miller
2016-03-10 18:48 ` Cyrill Gorcunov
2016-03-10 19:02 ` Cong Wang
2016-03-10 19:55 ` David Miller
2016-03-10 20:01 ` Cyrill Gorcunov
2016-03-10 20:03 ` David Miller
2016-03-10 20:13 ` Cyrill Gorcunov
2016-03-10 20:19 ` Cyrill Gorcunov
2016-03-10 21:05 ` David Miller
2016-03-10 21:19 ` Cyrill Gorcunov
2016-03-10 21:59 ` Cyrill Gorcunov
2016-03-10 22:36 ` David Miller
2016-03-10 22:40 ` Cyrill Gorcunov
2016-03-11 20:40 ` David Miller
2016-03-11 20:58 ` Florian Westphal
2016-03-11 21:00 ` Cyrill Gorcunov
2016-03-11 21:22 ` Cyrill Gorcunov
2016-03-11 21:59 ` Cyrill Gorcunov
2016-03-14 3:29 ` David Miller
2016-03-10 21:09 ` Cong Wang
2016-03-09 17:19 ` David Miller [this message]
2016-03-05 6:58 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160309.121928.103638956202937455.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=avagin@virtuozzo.com \
--cc=eric.dumazet@gmail.com \
--cc=gorcunov@gmail.com \
--cc=khorenko@virtuozzo.com \
--cc=netdev@vger.kernel.org \
--cc=solar@openwall.com \
--cc=vdavydov@virtuozzo.com \
--cc=vvs@virtuozzo.com \
--cc=xemul@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).