From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Thomas Graf <tgraf@suug.ch>
Cc: Shrijeet Mukherjee <shm@cumulusnetworks.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Jakub Kicinski <kubakici@wp.pl>,
John Fastabend <john.fastabend@gmail.com>,
David Miller <davem@davemloft.net>,
alexander.duyck@gmail.com, mst@redhat.com, shrijeet@gmail.com,
tom@herbertland.com, netdev@vger.kernel.org,
Roopa Prabhu <roopa@cumulusnetworks.com>,
Nikolay Aleksandrov <nikolay@cumulusnetworks.com>,
brouer@redhat.com
Subject: Re: [PATCH net-next RFC WIP] Patch for XDP support for virtio_net
Date: Wed, 2 Nov 2016 15:27:08 +0100 [thread overview]
Message-ID: <20161102152708.5cb40a0c@redhat.com> (raw)
In-Reply-To: <20161029112514.GC1810@pox.localdomain>
On Sat, 29 Oct 2016 13:25:14 +0200
Thomas Graf <tgraf@suug.ch> wrote:
> On 10/28/16 at 08:51pm, Shrijeet Mukherjee wrote:
> > Generally agree, but SRIOV nics with multiple queues can end up in a bad
> > spot if each buffer was 4K right ? I see a specific page pool to be used
> > by queues which are enabled for XDP as the easiest to swing solution that
> > way the memory overhead can be restricted to enabled queues and shared
> > access issues can be restricted to skb's using that pool no ?
Yes, that is why that I've been arguing so strongly for having the
flexibility to attach a XDP program per RX queue, as this only change
the memory model for this one queue.
> Isn't this clearly a must anyway? I may be missing something
> fundamental here so please enlighten me :-)
>
> If we dedicate a page per packet, that could translate to 14M*4K worth
> of memory being mapped per second for just a 10G NIC under DoS attack.
> How can one protect such as system? Is the assumption that we can always
> drop such packets quickly enough before we start dropping randomly due
> to memory pressure? If a handshake is required to determine validity
> of a packet then that is going to be difficult.
Under DoS attacks you don't run out of memory, because a diverse set of
socket memory limits/accounting avoids that situation. What does
happen is the maximum achievable PPS rate is directly dependent on the
time you spend on each packet. This use of CPU resources (and
hitting mem-limits-safe-guards) push-back on the drivers speed to
process the RX ring. In effect, packets are dropped in the NIC HW as
RX-ring queue is not emptied fast-enough.
Given you don't control what HW drops, the attacker will "successfully"
cause your good traffic to be among the dropped packets.
This is where XDP change the picture. If you can express (by eBPF) a
filter that can separate "bad" vs "good" traffic, then you can take
back control. Almost like controlling what traffic the HW should drop.
Given the cost of XDP-eBPF filter + serving regular traffic does not
use all of your CPU resources, you have overcome the attack.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2016-11-02 14:27 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-22 4:07 [PATCH net-next RFC WIP] Patch for XDP support for virtio_net Shrijeet Mukherjee
2016-10-23 16:38 ` Stephen Hemminger
2016-10-24 1:51 ` Shrijeet Mukherjee
2016-10-25 1:10 ` Alexei Starovoitov
2016-10-25 17:36 ` Jakub Kicinski
2016-10-26 13:52 ` Jesper Dangaard Brouer
2016-10-26 16:36 ` Michael S. Tsirkin
2016-10-26 16:52 ` David Miller
2016-10-26 17:07 ` Michael S. Tsirkin
2016-10-26 17:11 ` David Miller
2016-10-27 8:55 ` Jesper Dangaard Brouer
2016-10-27 21:09 ` John Fastabend
2016-10-27 21:30 ` Michael S. Tsirkin
2016-10-27 21:42 ` David Miller
2016-10-27 22:25 ` Michael S. Tsirkin
2016-10-28 1:35 ` David Miller
2016-10-28 1:43 ` Alexander Duyck
2016-10-28 2:10 ` David Miller
2016-10-28 15:56 ` John Fastabend
2016-10-28 16:18 ` Jakub Kicinski
2016-10-28 18:22 ` Alexei Starovoitov
2016-10-28 20:35 ` Alexander Duyck
2016-10-28 20:42 ` Jakub Kicinski
2016-10-28 20:36 ` Jakub Kicinski
2016-10-29 3:51 ` Shrijeet Mukherjee
2016-10-29 11:25 ` Thomas Graf
2016-11-02 14:27 ` Jesper Dangaard Brouer [this message]
2016-11-03 1:28 ` Shrijeet Mukherjee
2016-11-03 4:11 ` Michael S. Tsirkin
2016-11-03 6:44 ` John Fastabend
2016-11-03 22:20 ` John Fastabend
2016-11-03 22:42 ` Michael S. Tsirkin
2016-11-03 23:29 ` John Fastabend
2016-11-04 0:34 ` Michael S. Tsirkin
2016-11-04 23:05 ` John Fastabend
2016-11-06 6:50 ` Michael S. Tsirkin
2016-10-28 17:11 ` David Miller
2016-10-30 22:53 ` Michael S. Tsirkin
2016-11-02 14:01 ` Jesper Dangaard Brouer
2016-11-02 16:06 ` Alexander Duyck
2016-10-28 0:02 ` Shrijeet Mukherjee
2016-10-28 0:46 ` Shrijeet Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161102152708.5cb40a0c@redhat.com \
--to=brouer@redhat.com \
--cc=alexander.duyck@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=davem@davemloft.net \
--cc=john.fastabend@gmail.com \
--cc=kubakici@wp.pl \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=roopa@cumulusnetworks.com \
--cc=shm@cumulusnetworks.com \
--cc=shrijeet@gmail.com \
--cc=tgraf@suug.ch \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).