lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 8 Oct 2015 10:10:11 -0700
From:	Tom Herbert <tom@...bertland.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Eric Dumazet <edumazet@...gle.com>,
	"David S . Miller" <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next 1/4] net: SO_INCOMING_CPU setsockopt() support

On Thu, Oct 8, 2015 at 10:00 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Thu, 2015-10-08 at 09:44 -0700, Tom Herbert wrote:
>
>> I see. We are not using SO_INCOMING_CPU_MASK as a defense against
>> DDOS. It's used ensure affinity in application connection processing
>> between CPUs. For instance, if we have two NUMA nodes we can start two
>> instances of the application bound to each node and then use
>> SO_REUSEPORT and SO_INCOMING_CPU_MASK to ensure connections are
>> processed on the the same NUMA node. Packets crossing NUMA boundaries
>> even with RFS is painful.
>
> Then maybe you need something simpler than a mask of cpus, like
> SO_INCOMING_NODE ?
>
> Note that this could also be automatically tuned.
>
> If you have a bunch of listeners on one port (could be 2), then the
> underlying node on which TCP socket was allocated could be used as a
> score modifier in compute_score()
>
Maybe, but I really like the simplicity of SO_INCOMING_CPU_MASK in
that it doesn't depend on NUMA configuration or RSS configuration.
It's very easy for the application to just set the same incoming CPU
mask to be the same CPU mask that the listener thread is bound to.
We've seen some nice performance benefits in doing with memcached,
that is to run an instances bound to the set of CPUs for each set NUMA
node and bind listener threads to the same set.

Tom

>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ