Date:	Thu, 7 Jul 2016 10:28:47 -0700
From:	Rick Jones <rick.jones2@....com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Phil Sutter <phil@....cc>,
	Nicolas Dichtel <nicolas.dichtel@...nd.com>,
	Stephen Hemminger <shemming@...cade.com>,
	netdev@...r.kernel.org
Subject: Re: [iproute PATCH 0/2] Netns performance improvements

On 07/07/2016 09:34 AM, Eric W. Biederman wrote:
> Rick Jones <rick.jones2@....com> writes:
>> 300 routers is far from the upper limit/goal.  Back in HP Public
>> Cloud, we were running as many as 700 routers per network node (*),
>> and more than four network nodes. (back then it was just the one
>> namespace per router and network). Mileage will of course vary based
>> on the "oomph" of one's network node(s).
>
> To clarify, processes for these routers and dhcp servers are created
> with "ip netns exec"?

I believe so, but it would be good to have someone else confirm that, 
and speak to your paragraph below.

> If that is the case and you are using this feature as effectively a
> lightweight container and not lots of vrfs in a single network stack
> then I suspect much larger gains can be had by creating a variant
> of ip netns exec that avoids the mount propagation.
>

...

>> * Didn't want to go much higher than that because each router had a
>> port on a common linux bridge and getting to > 1024 would be an
>> unpleasant day.
>
> * I would have thought all you have to do is bump up the size
>    of the linux neighbour cache.  echo $BIGNUM > /proc/sys/net/ipv4/neigh/default/gc_thresh3

We didn't want to hit the 1024 port limit of a (then?) Linux bridge.

rick

Having a bit of deja vu but I suspect things like commit 
0818bf27c05b2de56c5b2bd08cfae2a939bd5f52  are not exactly on the same 
wavelength, just my brain seeing "namespaces" and "performance" and 
lighting-up :)
