| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140922221727.GA4708@casper.infradead.org> Date: Mon, 22 Sep 2014 23:17:27 +0100 From: Thomas Graf <tgraf@...g.ch> To: Tom Herbert <therbert@...gle.com> Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>, Jiri Pirko <jiri@...nulli.us>, John Fastabend <john.r.fastabend@...el.com>, Jamal Hadi Salim <jhs@...atatu.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Neil Horman <nhorman@...driver.com>, Andy Gospodarek <andy@...yhouse.net>, Daniel Borkmann <dborkman@...hat.com>, Or Gerlitz <ogerlitz@...lanox.com>, Jesse Gross <jesse@...ira.com>, Pravin Shelar <pshelar@...ira.com>, Andy Zhou <azhou@...ira.com>, Ben Hutchings <ben@...adent.org.uk>, Stephen Hemminger <stephen@...workplumber.org>, Jeff Kirsher <jeffrey.t.kirsher@...el.com>, Vladislav Yasevich <vyasevic@...hat.com>, Cong Wang <xiyou.wangcong@...il.com>, Eric Dumazet <edumazet@...gle.com>, Scott Feldman <sfeldma@...ulusnetworks.com>, Florian Fainelli <f.fainelli@...il.com>, Roopa Prabhu <roopa@...ulusnetworks.com>, John Linville <linville@...driver.com>, "dev@...nvswitch.org" <dev@...nvswitch.org>, Jason Wang <jasowang@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Nicolas Dichtel <nicolas.dichtel@...nd.com>, ryazanov.s.a@...il.com, Lennert Buytenhek <buytenh@...tstofly.org>, aviadr@...lanox.com, Felix Fietkau <nbd@...nwrt.org>, Neil Jerram <Neil.Jerram@...aswitch.com>, ronye@...lanox.com, simon.horman@...ronome.com, Alexander Duyck <alexander.h.duyck@...el.com> Subject: Re: [patch net-next v2 8/9] switchdev: introduce Netlink API On 09/22/14 at 08:10am, Tom Herbert wrote: > Thomas, can you (or someone else) quantify what the host case is. I > suppose there may be merit in using a switch on NIC for kernel bypass > scenarios, but I'm still having a hard time understanding how this > could be integrated into the host stack with benefits that outweigh Personally my primary interest is on lxc and vm based workloads w/ end to end encryption, encap, distributed L3 and NAT, and policy enforcement including service graphs which imply both east-west and north-south traffic patterns on a host. The usual I guess ;-) > complexity. The history of stateful offloads in NICs is not great, and > encapsulation (stuffing a few bytes of header into a packet) is in > itself not nearly an expensive enough operation to warrant offloading No argument here. The direct benchmark comparisons I've measured showed only around 2% improvement. What makes stateful offload interesting to me is that the final desintation of a packet is known at RX and can be redirected to a queue or VF. This allows to build packet batches on shared pages while preserving the securiy model. Will the gains outweigh complexity? I hope so but I don't know for sure. If you have insights, let me know. What I know for sure is that I don't want to rely on a kernel bypass for the above. > to the NIC. Personally, I wish if NIC vendors are going to focus on > stateful offload I rather see it be for encryption which I believe > currently does warrant offload at 40G and higher speeds. Agreed. I would like to be see a focus on both. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists