| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jan 2011 01:51:39 +0300 From: "Oleg V. Ukhno" <olegu@...dex-team.ru> To: Jay Vosburgh <fubar@...ibm.com> CC: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH] bonding: added 802.3ad round-robin hashing policy for single TCP session balancing Jay Vosburgh wrote: > This is a violation of the 802.3ad (now 802.1ax) standard, 5.2.1 > (f), which requires that all frames of a given "conversation" are passed > to a single port. > > The existing layer3+4 hash has a similar problem (that it may > send packets from a conversation to multiple ports), but for that case > it's an unlikely exception (only in the case of IP fragmentation), but > here it's the norm. At a minimum, this must be clearly documented. > > Also, what does a round robin in 802.3ad provide that the > existing round robin does not? My presumption is that you're looking to > get the aggregator autoconfiguration that 802.3ad provides, but you > don't say. > > I don't necessarily think this is a bad cheat (round robining on > 802.3ad as an explicit non-standard extension), since everybody wants to > stripe their traffic across multiple slaves. I've given some thought to > making round robin into just another hash mode, but this also does some > magic to the MAC addresses of the outgoing frames (more on that below). Yes, I am resetting MAC addresses when transmitting packets to have switch to put packets into different ports of the receiving etherchannel. I am using this patch to provide full-mesh ISCSI connectivity between at least 4 hosts (all hosts of course are in same ethernet segment) and every host is connected with aggregate link with 4 slaves(usually). Using round-robin I provide near-equal load striping when transmitting, using MAC address magic I force switch to stripe packets over all slave links in destination port-channel(when number of rx-ing slaves is equal to number ot tx-ing slaves and is even). So I am able to utilize all slaves for tx and for rx up to maximum capacity; besides I am getting L2 link failure detection (and load rebalancing), which is (in my opinion) much faster and robust than L3 or than dm-multipath provides. It's my idea with the patch > > > This is the code that resets the MAC header as described above. > It doesn't quite match the documentation, since it only resets the MAC > for ETH_P_IP packets. Yes, I really meant that my patch applies to ETH_P_IP packets and I've missed that from documentation I wrote. > > > --- > -Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com > -- Best regards, Oleg Ukhno -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists