From: Christian Brauner <christian.brauner@ubuntu.com>
To: David Ahern <dsahern@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next] ipv6/route: inherit max_sizes from current netns
Date: Wed, 20 May 2020 19:24:17 +0200 [thread overview]
Message-ID: <20200520172417.4m7pyalpftdd2xrm@wittgenstein> (raw)
In-Reply-To: <4b22a3bc-9dae-3f49-6748-ec45deb09a01@gmail.com>
On Wed, May 20, 2020 at 10:54:21AM -0600, David Ahern wrote:
> On 5/20/20 8:58 AM, Christian Brauner wrote:
> > During NorthSec (cf. [1]) a very large number of unprivileged
> > containers and nested containers are run during the competition to
> > provide a safe environment for the various teams during the event. Every
> > year a range of feature requests or bug reports come out of this and
> > this year's no different.
> > One of the containers was running a simple VPN server. There were about
> > 1.5k users connected to this VPN over ipv6 and the container was setup
> > with about 100 custom routing tables when it hit the max_sizes routing
> > limit. After this no new connections could be established anymore,
> > pinging didn't work anymore; you get the idea.
> >
>
> should have been addressed by:
>
> commit d8882935fcae28bceb5f6f56f09cded8d36d85e6
> Author: Eric Dumazet <edumazet@google.com>
> Date: Fri May 8 07:34:14 2020 -0700
> ipv6: use DST_NOCOUNT in ip6_rt_pcpu_alloc()
> We currently have to adjust ipv6 route gc_thresh/max_size depending
> on number of cpus on a server, this makes very little sense.
>
>
> Did your tests include this patch?
No, it's also pretty hard to trigger. The conference was pretty good for
this.
I tested on top of rc6. I'm probably missing the big picture here, could
you briefy explain how this commit fixes the problem we ran into?
Thanks!
Christian
next prev parent reply other threads:[~2020-05-20 17:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 14:58 [PATCH net-next] ipv6/route: inherit max_sizes from current netns Christian Brauner
2020-05-20 16:54 ` David Ahern
2020-05-20 17:24 ` Christian Brauner [this message]
2020-05-20 17:27 ` David Ahern
2020-05-20 17:27 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200520172417.4m7pyalpftdd2xrm@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=kuba@kernel.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).