From: Andrew Lunn <andrew@lunn.ch>
To: David Ahern <dsahern@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>,
netdev@vger.kernel.org, davem@davemloft.net, mlxsw@mellanox.com,
jakub.kicinski@netronome.com, f.fainelli@gmail.com,
vivien.didelot@gmail.com, mkubecek@suse.cz,
stephen@networkplumber.org, daniel@iogearbox.net,
brouer@redhat.com, eric.dumazet@gmail.com
Subject: Re: [RFC] implicit per-namespace devlink instance to set kernel resource limitations
Date: Tue, 6 Aug 2019 20:03:46 +0200 [thread overview]
Message-ID: <20190806180346.GD17072@lunn.ch> (raw)
In-Reply-To: <c615dce5-9307-7640-2877-4e5c01e565c0@gmail.com>
On Tue, Aug 06, 2019 at 11:38:32AM -0600, David Ahern wrote:
> On 8/6/19 10:40 AM, Jiri Pirko wrote:
> > Hi all.
> >
> > I just discussed this with DavidA and I would like to bring this to
> > broader audience. David wants to limit kernel resources in network
> > namespaces, for example fibs, fib rules, etc.
> >
> > He claims that devlink api is rich enough to program this limitations
> > as it already does for mlxsw hw resources for example. If we have this
> > api for hardware, why don't to reuse it for the kernel and it's
> > resources too?
>
> The analogy is that a kernel is 'programmed' just like hardware, it has
> resources just like hardware (e.g., memory) and those resources are
> limited as well. So the resources consumed by fib entries, rules,
> nexthops, etc should be controllable.
I expect one question that will come up is why not control
groups. That is often used by the rest of the kernel for resource
control.
But cgroups are mostly about limiting resources for a collection of
processes. I don't think that is true for networking resources. The
resources we are talking about are orthogonal to processes. Or are
there any resources which should be linked to processes? eBPF
resources?
> > So the proposal is to have some new device, say "kernelnet", that would
> > implicitly create per-namespace devlink instance.
Maybe kernelns, to make it clear we are talking about namespace
resources.
Going back to cgroups concept. They are generally hierarchical. Do we
need any sort of hierarchy here? Are there some resources we want to
set a global limit on, and then a per namespace limit on top of that?
We would then need two names, and kernelnet sounds more like the
global level?
Andrew
next prev parent reply other threads:[~2019-08-06 18:03 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-06 16:40 [RFC] implicit per-namespace devlink instance to set kernel resource limitations Jiri Pirko
2019-08-06 17:38 ` David Ahern
2019-08-06 18:03 ` Andrew Lunn [this message]
2019-08-07 2:33 ` David Ahern
2019-08-07 2:59 ` Andrew Lunn
2019-08-07 3:10 ` David Ahern
2019-08-07 18:57 ` Jakub Kicinski
2019-08-07 18:49 ` Jakub Kicinski
2019-08-07 20:55 ` David Ahern
2019-08-06 18:27 ` Jakub Kicinski
2019-08-06 18:38 ` Jiri Pirko
2019-08-06 18:54 ` Jakub Kicinski
2019-08-06 19:06 ` Andrew Lunn
2019-08-08 18:03 ` Jonathan Lemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190806180346.GD17072@lunn.ch \
--to=andrew@lunn.ch \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=eric.dumazet@gmail.com \
--cc=f.fainelli@gmail.com \
--cc=jakub.kicinski@netronome.com \
--cc=jiri@resnulli.us \
--cc=mkubecek@suse.cz \
--cc=mlxsw@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=vivien.didelot@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).