From mboxrd@z Thu Jan  1 00:00:00 1970
From: Willy Tarreau <w@1wt.eu>
Subject: Re: [PATCH] net: bridge: add max_fdb_count
Date: Fri, 17 Nov 2017 19:44:31 +0100
Message-ID: <20171117184431.GA17987@1wt.eu>
References: <1510774027-2468-1-git-send-email-srn@prgmr.com>
 <4f31ae8b-352e-d2ab-cd71-4b31f76e666a@cumulusnetworks.com>
 <4d756a43-e51d-c52d-7b4b-fce61f021a66@prgmr.com>
 <20171116095846.GB14616@1wt.eu>
 <3d08c77f-8d71-e302-d3f7-24acc6df9414@prgmr.com>
 <20171116192325.GA16122@lunn.ch>
 <m3ineaoty4.fsf@luffy.cx>
 <20171116162718.3c252ff1@xeon-e3>
 <20171117052608.GB16950@1wt.eu>
 <20171117140623.GA5809@lunn.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Stephen Hemminger <stephen@networkplumber.org>,
        Vincent Bernat <bernat@luffy.cx>, Sarah Newman <srn@prgmr.com>,
        Nikolay Aleksandrov <nikolay@cumulusnetworks.com>,
        netdev@vger.kernel.org, roopa <roopa@cumulusnetworks.com>
To: Andrew Lunn <andrew@lunn.ch>
Return-path: <netdev-owner@vger.kernel.org>
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:36131 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751762AbdKQSoo (ORCPT <rfc822;netdev@vger.kernel.org>);
        Fri, 17 Nov 2017 13:44:44 -0500
Content-Disposition: inline
In-Reply-To: <20171117140623.GA5809@lunn.ch>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Hi Andrew,

On Fri, Nov 17, 2017 at 03:06:23PM +0100, Andrew Lunn wrote:
> > Usually it's better to apply LRU or random here in my opinion, as the
> > new entry is much more likely to be needed than older ones by definition.
> 
> Hi Willy
> 
> I think this depends on why you need to discard. If it is normal
> operation and the limits are simply too low, i would agree.
> 
> If however it is a DoS, throwing away the new entries makes sense,
> leaving the old ones which are more likely to be useful.
> 
> Most of the talk in this thread has been about limits for DoS
> prevention...

Sure but my point is that it can kick in on regular traffic and in
this case it can be catastrophic. That's only what bothers me. If
we have an unlimited default value with this algorithm I'm fine
because nobody will get caught by accident with a bridge suddenly
replicating high traffic on all ports because an unknown limit was
reached. That's the principle of least surprise.

I know that when fighting DoSes there's never any universally good
solutions and one has to make tradeoffs. I'm perfectly fine with this.

Cheers,
Willy