From: Vincent Bernat <vincent@bernat.im>
To: David Miller <davem@davemloft.net>
Cc: edumazet@google.com, linux-doc@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH] tcp: more documentation for tcp_tw_reuse and tcp_tw_recycle
Date: Wed, 07 May 2014 21:55:49 +0200 [thread overview]
Message-ID: <m3eh058it6.fsf@neo.luffy.cx> (raw)
In-Reply-To: <20140507.151637.562958118271192092.davem@davemloft.net> (David Miller's message of "Wed, 07 May 2014 15:16:37 -0400 (EDT)")
❦ 7 mai 2014 15:16 -0400, David Miller <davem@davemloft.net> :
>> The documentation is not very helpful about what those settings
>> affect. We find numerous tuning guides advising to set both these
>> settings to 1 to reduce the number of entries in the TIME-WAIT
>> state. However, enabling tcp_tw_recycle will cause massive problems when
>> working with NAT.
>>
>> The documentation is completed a bit to explain quickly what kind of
>> connections both those settings will affect and to encourage the use of
>> tcp_tw_reuse instead of tcp_tw_recycle for outgoing connections.
>
> First of all your change locks a proper signoff.
Sorry for that. I'll resend once the other problem is fixed.
> Second of all, both options can cause problems in the presence of NAT
> because both optimizations assume unique IP addresses identify unique
> physical hosts.
If NAT is done at the remote end (the outgoing connection is to some
load-balanced VIP) and if a TW state is reused for another
host than the original host, this can be one of those cases:
1. There was no prior connection to the other host, so no problem.
2. There was a prior connection to this host and the TW state has
properly expired (60-second regular timeout), no problem.
3. There was a prior connection to this host and the TW state has been
reused previously, so we are already in the right condition
(timestamps) to do the same thing.
I don't see a scenario where NAT can be a problem with tcp_tw_reuse.
If the NAT is done on the local end (we are behind a NAT device), as the
TW is on our side, I don't see what problem could have the remote end
which has properly closed the connection. Even without tcp_tw_reuse, the
remote side could get a legit connection from another local host.
We could be on the safe side and say that both settings may interact
badly with NAT gateways (or any altering gateways), but in this case,
both settings will look the same and the documentation will be as
unhelpful as it is now to someone which insists on using those settings.
--
/* After several hours of tedious analysis, the following hash
* function won. Do not mess with it... -DaveM
*/
2.2.16 /usr/src/linux/fs/buffer.c
prev parent reply other threads:[~2014-05-07 19:55 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-04 9:41 [PATCH net-next] tcp: more documentation for tcp_tw_reuse and tcp_tw_recycle Vincent Bernat
2014-05-04 9:41 ` [PATCH] " Vincent Bernat
2014-05-07 19:16 ` David Miller
2014-05-07 19:55 ` Vincent Bernat [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3eh058it6.fsf@neo.luffy.cx \
--to=vincent@bernat.im \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-doc@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).