| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Aug 2015 11:02:11 +0200 From: Thomas Graf <tgraf@...g.ch> To: Tom Herbert <tom@...bertland.com> Cc: Peter N??rlund <pch@...bogen.com>, David Miller <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, James Morris <jmorris@...ei.org>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Patrick McHardy <kaber@...sh.net>, linux-api@...r.kernel.org, Roopa Prabhu <roopa@...ulusnetworks.com>, sfeldma <sfeldma@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Nicolas Dichtel <nicolas.dichtel@...nd.com>, Jiri Benc <jbenc@...hat.com> Subject: Re: [PATCH v2 net-next 0/3] ipv4: Hash-based multipath routing On 08/30/15 at 03:29pm, Tom Herbert wrote: > On Sun, Aug 30, 2015 at 2:28 PM, Peter N??rlund <pch@...bogen.com> wrote: > > It would definitely be simpler, and it would be nice to just fetch the > > hash directly from the NIC - and for link aggregation it would probably > > be fine. But with L4, we always need to consider fragmented packets, > > which might cause some packets of a flow to be routed differently - and > > with ECMP, the ramifications of suddenly choosing another path for a > > flow are worse than for link aggregation. The latency through the > > different paths may differ enough to cause out-or-order packets and bad > > TCP performance as a consequence. Both Cisco and Juniper routers > > defaults to L3 for ECMP - exactly for that reason, I believe. RFC 2991 > > also points out that ports probably shouldn't be used as part of the > > flow key with ECMP. > > > That's more reason why we need vendors to use IPv6 flow label instead > of ports to do ECMP :-). In any case, if we're fragmenting TCP packets > then we're already in a bad place performance-wise-- we really don't > need to optimize for that case. Albeit, it would be nice if fragments > of packet followed same path, but the would require devices to not do > L4 hash over ports when MF is set-- I don't know if anyone does that > (I have been meaning to add that to stack). +1 for solving this at hash level. Being able to rely on the L4 HW hash for multipath routing is very desirable. A simple MF bit || FO > 0 check with fall back to flow dissector to generate an L3 hash in case the HW provided an L4 hash should be sufficient to address the fragmentation concern. Since performance is gone anyway, I'm not sure it's worth offloading this behaviour to the HW. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists