From: Josh Hunt <johunt@akamai.com>
To: Patrick McHardy <kaber@trash.net>,
Daniel Borkmann <daniel@iogearbox.net>
Cc: Thomas Graf <tgraf@suug.ch>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
davem@davemloft.net, alexei.starovoitov@gmail.com,
herbert@gondor.apana.org.au, ying.xue@windriver.com,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
josh@joshtriplett.org
Subject: Re: Ottawa and slow hash-table resize
Date: Tue, 24 Feb 2015 10:14:44 -0600 [thread overview]
Message-ID: <54ECA374.7060402@akamai.com> (raw)
In-Reply-To: <20150224104232.GK3713@acer.localdomain>
On 02/24/2015 04:42 AM, Patrick McHardy wrote:
> On 24.02, Daniel Borkmann wrote:
>> On 02/24/2015 09:59 AM, Thomas Graf wrote:
>>> On 02/23/15 at 10:49am, Paul E. McKenney wrote:
>>>> Hello!
>>>>
>>>> Alexei mentioned that there was some excitement a couple of weeks ago in
>>>> Ottawa, something about the resizing taking forever when there were large
>>>> numbers of concurrent additions. One approach comes to mind:
>>>
>>> @Dave et al,
>>> Just want to make sure we have the same level of understanding of
>>> urgency for this. The only practical problem experienced so far is
>>> loading n*1M entries into an nft_hash set which takes 3s for 4M
>>> entries upon restore. A regular add is actually fine as it provides
>>> a hint and sizes the table accordingly.
>>
>> Btw, there is one remaining bug in nft that Josh Hunt found which
>> should go into 3.20/4.0, it's not in -net tree, so it could have
>> affected testing with nft. We're currently missing max_shift
>> parameter in nft's rhashtable initialization.
>>
>> This means that there will be _no_ expansions as rht_grow_above_75()
>> will end up always returning false. It's not that dramatic when you
>> have a proper hint provided, but when you start out small
>> (NFT_HASH_ELEMENT_HINT = 3) and try to squeeze 1M entries into it,
>> it might take a while.
>>
>> Simplest fix would be, similarly as in other users:
>>
>> diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
>> index 61e6c40..47abdca 100644
>> --- a/net/netfilter/nft_hash.c
>> +++ b/net/netfilter/nft_hash.c
>> @@ -192,6 +192,7 @@ static int nft_hash_init(const struct nft_set *set,
>> .key_offset = offsetof(struct nft_hash_elem, key),
>> .key_len = set->klen,
>> .hashfn = jhash,
>> + .max_shift = 20, /* 1M */
>> .grow_decision = rht_grow_above_75,
>> .shrink_decision = rht_shrink_below_30,
>> };
>>
>> But I presume Josh wanted to resend his code ... or wait for nft
>> folks to further review?
>
> We're perfectly fine with that patch, although I'd say lets use a
> slightly larger value (24) to cover what we know people are doing
> using ipset.
>
I just sent a patch similar to Daniel's in the set 'nft hash resize
fixes' using a max_shift value of 24. I still think this value should be
tunable, but sent the patch to fix the immediate expansion problem for now.
Josh
next prev parent reply other threads:[~2015-02-24 16:14 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-23 18:49 Ottawa and slow hash-table resize Paul E. McKenney
2015-02-23 19:12 ` josh
2015-02-23 21:03 ` Thomas Graf
2015-02-23 21:52 ` Paul E. McKenney
2015-02-23 22:32 ` David Miller
2015-02-23 23:06 ` Paul E. McKenney
2015-02-24 8:37 ` Thomas Graf
2015-02-24 10:39 ` Patrick McHardy
2015-02-24 10:46 ` David Laight
2015-02-24 10:48 ` Patrick McHardy
2015-02-24 17:09 ` David Miller
2015-02-24 17:50 ` Thomas Graf
2015-02-24 18:26 ` David Miller
2015-02-24 18:45 ` josh
2015-02-24 22:34 ` Thomas Graf
2015-02-25 8:56 ` Herbert Xu
2015-02-25 17:38 ` Thomas Graf
2015-02-24 18:33 ` josh
2015-02-25 8:55 ` Herbert Xu
2015-02-25 17:38 ` Thomas Graf
2015-02-23 21:00 ` Thomas Graf
2015-02-23 22:35 ` Paul E. McKenney
2015-02-24 8:59 ` Thomas Graf
2015-02-24 9:38 ` Daniel Borkmann
2015-02-24 10:42 ` Patrick McHardy
2015-02-24 16:14 ` Josh Hunt [this message]
2015-02-24 16:25 ` Patrick McHardy
2015-02-24 16:57 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2015-02-23 22:17 Alexei Starovoitov
2015-02-23 22:34 ` David Miller
2015-02-23 22:37 ` Paul E. McKenney
2015-02-23 23:07 Alexei Starovoitov
2015-02-23 23:15 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54ECA374.7060402@akamai.com \
--to=johunt@akamai.com \
--cc=alexei.starovoitov@gmail.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=josh@joshtriplett.org \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=tgraf@suug.ch \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).