| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Dec 2019 18:35:13 +0000
From: Petr Machata <petrm@...lanox.com>
To: John Fastabend <john.fastabend@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Roopa Prabhu <roopa@...ulusnetworks.com>,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
Roman Mashak <mrv@...atatu.com>,
Ido Schimmel <idosch@...lanox.com>,
Jiri Pirko <jiri@...nulli.us>
Subject: Re: [PATCH net-next mlxsw v2 00/10] Add a new Qdisc, ETS
John Fastabend <john.fastabend@...il.com> writes:
> Petr Machata wrote:
>> The IEEE standard 802.1Qaz (and 802.1Q-2014) specifies four principal
>> transmission selection algorithms: strict priority, credit-based shaper,
>> ETS (bandwidth sharing), and vendor-specific. All these have their
>> corresponding knobs in DCB. But DCB does not have interfaces to configure
>> RED and ECN, unlike Qdiscs.
>
> So the idea here (way back when I did this years ago) is that marking ECN
> traffic was not paticularly CPU intensive on any metrics I came up with.
> And I don't recall anyone ever wanting to do RED here. The configuration
> I usually recommended was to use mqprio + SO_PRIORITY + fq per qdisc. Then
> once we got the BPF egress hook we replaced SO_PRIORITY configurations with
> the more dynamic BPF action to set it. There was never a compelling perf
> reason to offload red/ecn.
>
> But these use cases were edge nodes. I believe this series is mostly about
> control path and maybe some light control traffic? This is for switches
> not for edge nodes right? I'm guessing because I don't see any performance
> analaysis on why this is useful, intuitively it makes sense if there is
> a small CPU sitting on a 48 port 10gbps box or something like that.
Yes.
Our particular use case is a switch that has throughput in Tbps. There
simply isn't enough bandwidth to even get all this traffic to the CPU,
let alone process it on the CPU. You need to offload, or it doesn't make
sense. 48 x 10Gbps with a small CPU is like that as well, yeah.
>From what I hear, RED / ECN was not used very widely in these sorts of
deployments, rather the deal was to have more bandwidth than you need
and not worry about QoS. This is changing, and people experiment with
this stuff more. So there is interest in strict vs. DWRR TCs, shapers,
and RED / ECN.
>> In the Qdisc land, strict priority is implemented by PRIO. Credit-based
>> transmission selection algorithm can then be modeled by having e.g. TBF or
>> CBS Qdisc below some of the PRIO bands. ETS would then be modeled by
>> placing a DRR Qdisc under the last PRIO band.
>>
>> The problem with this approach is that DRR on its own, as well as the
>> combination of PRIO and DRR, are tricky to configure and tricky to offload
>> to 802.1Qaz-compliant hardware. This is due to several reasons:
>
> I would argue the trick to configure part could be hid behind tooling to
> simplify setup. The more annoying part is it was stuck behind the qdisc
> lock. I was hoping this would implement a lockless ETS qdisc seeing we
> have the infra to do lockless qdiscs now. But seems not. I guess software
> perf analysis might show prio+drr and ets here are about the same performance
> wise.
Pretty sure. It's the same algorithm, and I would guess that the one
extra virtual call will not throw it off.
> offload is tricky with stacked qdiscs though ;)
Offload and configuration both.
Of course there could be a script to somehow generate and parse the
configuration on the front end, and some sort of library to consolidate
on the driver side, but it's far cleaner and easier to understand for
all involved if it's a Qdisc. Qdiscs are tricky, but people still
understand them well in comparison.
>> - As any classful Qdisc, DRR supports adding classifiers to decide in which
>> class to enqueue packets. Unlike PRIO, there's however no fallback in the
>> form of priomap. A way to achieve classification based on packet priority
>> is e.g. like this:
>>
>> # tc filter add dev swp1 root handle 1: \
>> basic match 'meta(priority eq 0)' flowid 1:10
>>
>> Expressing the priomap in this manner however forces drivers to deep dive
>> into the classifier block to parse the individual rules.
>>
>> A possible solution would be to extend the classes with a "defmap" a la
>> split / defmap mechanism of CBQ, and introduce this as a last resort
>> classification. However, unlike priomap, this doesn't have the guarantee
>> of covering all priorities. Traffic whose priority is not covered is
>> dropped by DRR as unclassified. But ASICs tend to implement dropping in
>> the ACL block, not in scheduling pipelines. The need to treat these
>> configurations correctly (if only to decide to not offload at all)
>> complicates a driver.
>>
>> It's not clear how to retrofit priomap with all its benefits to DRR
>> without changing it beyond recognition.
>>
>> - The interplay between PRIO and DRR is also causing problems. 802.1Qaz has
>> all ETS TCs as a last resort. Switch ASICs that support ETS at all are
>> likely to handle ETS traffic this way as well. However, the Linux model
>> is more generic, allowing the DRR block in any band. Drivers would need
>> to be careful to handle this case correctly, otherwise the offloaded
>> model might not match the slow-path one.
>
> Yep, although cases already exist all over the offload side.
>>
>> In a similar vein, PRIO and DRR need to agree on the list of priorities
>> assigned to DRR. This is doubly problematic--the user needs to take care
>> to keep the two in sync, and the driver needs to watch for any holes in
>> DRR coverage and treat the traffic correctly, as discussed above.
>>
>> Note that at the time that DRR Qdisc is added, it has no classes, and
>> thus any priorities assigned to that PRIO band are not covered. Thus this
>> case is surprisingly rather common, and needs to be handled gracefully by
>> the driver.
>>
>> - Similarly due to DRR flexibility, when a Qdisc (such as RED) is attached
>> below it, it is not immediately clear which TC the class represents. This
>> is unlike PRIO with its straightforward classid scheme. When DRR is
>> combined with PRIO, the relationship between classes and TCs gets even
>> more murky.
>>
>> This is a problem for users as well: the TC mapping is rather important
>> for (devlink) shared buffer configuration and (ethtool) counters.
>>
>> So instead, this patch set introduces a new Qdisc, which is based on
>> 802.1Qaz wording. It is PRIO-like in how it is configured, meaning one
>> needs to specify how many bands there are, how many are strict and how many
>> are ETS, quanta for the latter, and priomap.
>>
>> The new Qdisc operates like the PRIO / DRR combo would when configured as
>> per the standard. The strict classes, if any, are tried for traffic first.
>> When there's no traffic in any of the strict queues, the ETS ones (if any)
>> are treated in the same way as in DRR.
>>
>> The chosen interface makes the overall system both reasonably easy to
>> configure, and reasonably easy to offload. The extra code to support ETS in
>> mlxsw (which already supports PRIO) is about 150 lines, of which perhaps 20
>> lines is bona fide new business logic.
>
> Sorry maybe obvious question but I couldn't sort it out. When the qdisc is
> offloaded if packets are sent via software stack do they also hit the sw
> side qdisc enqueue logic? Or did I miss something in the graft logic that
> then skips adding the qdisc to software side? For example taprio has dequeue
> logic for both offload and software cases but I don't see that here.
You mean the graft logic in the driver? All that stuff is in there just
to figure out how to configure the device. SW datapath packets are
still handled as usual.
There even is a selftest for the SW datapath that uses veth pairs to
implement interconnect and TBF to throttle it (so that the scheduling
kicks in).
>>
>> Credit-based shaping transmission selection algorithm can be configured by
>> adding a CBS Qdisc under one of the strict bands (e.g. TBF can be used to a
>> similar effect as well). As a non-work-conserving Qdisc, CBS can't be
>> hooked under the ETS bands. This is detected and handled identically to DRR
>> Qdisc at runtime. Note that offloading CBS is not subject of this patchset.
>
> Any performance data showing how accurate we get on software side? The
> advantage of hardware always to me seemed to be precision in the WRR algorithm.
Quantum is specified as a number of bytes allowed to dequeue before a
queue loses the medium. Over time, the amount of traffic dequeued from
individual queues should average out to be the quanta your specified. At
any point in time, size of the packets matters: if I push 1000B packets
into a 10000B-quantum queue, it will use 100% of its allocation. If they
are 800B packets, there will be some waste (and it will compensate next
round).
As far as the Qdisc is defined, the SW side is as accurate as possible
under given traffic patterns. For HW, we translate to %, and rounding
might lead to artifacts. You kinda get the same deal with DCB, where
there's no way to split 100% among 8 TCs perfectly fairly.
> Also data showing how much overhead we get hit with from basic mq case
> would help me understand if this is even useful for software or just a
> exercise in building some offload logic.
So the Qdisc is written to do something reasonable in the SW datapath.
In that respect it's as useful as PRIO and DRR are. Not sure that as a
switch operator you really want to handle this much traffic on the CPU
though.
> FWIW I like the idea I meant to write an ETS sw qdisc for years with
> the expectation that it could get close enough to hardware offload case
> for most use cases, all but those that really need <5% tolerance or something.
Powered by blists - more mailing lists