[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALx6S35dQ5AUWi4jf88+m3FgDiy7nHO6UvRfPOGrsmmfkMeFLQ@mail.gmail.com>
Date: Wed, 29 Jul 2015 15:26:31 -0700
From: Tom Herbert <tom@...bertland.com>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
Kernel Team <kernel-team@...com>
Subject: Re: [PATCH net-next] flow_dissector: remove __flow_hash_consistentify
On Wed, Jul 29, 2015 at 3:15 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Wed, 2015-07-29 at 14:47 -0700, Tom Herbert wrote:
>
>> Hi Eric,
>>
>> So the scenario you're thinking is conntrack in the forwarding path,
>> RPS enabled (RSS not relevant), no hash from device, no IPv6 flow
>> labels or any other asymmetric inputs into the flow hash? I can look
>> at that, but it does make me wonder if maybe conntrack should set RFS
>> for both sides to avoid any issue with asymmetric hashes. With more
>> IPv6 and flow labels (which we will enable by default), asymmetric
>> hashes will likely become the norm.
>
> Yes, but as long as the hash was done in software in our stack we could
> use flow dissection and this swap() thing, regardless of the hashes
> computed by the NIC or derived from IPv6 flow label.
>
The IPv6 flow label is now taken as input to the software hash (along
with VLAN id, GRE keyid, MPLS label, etc.). Packets encapsulated in
UDP also cause asymmetric hashes since the source port is used for
entropy. We have no way to predict what a remote host will put into
these fields, so our only recourse would be not include them in the
hash if symmetric hashes are really a requirement.
> RFS wont fly here, as DDOS traffic will need more cache misses.
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists