| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jun 2020 00:32:18 +0000
From: Yi Yang (杨燚)-云服务集团
<yangyi01@...pur.com>
To: "dsahern@...il.com" <dsahern@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: "nikolay@...ulusnetworks.com" <nikolay@...ulusnetworks.com>,
Yi Yang (杨燚)-云服务集团
<yangyi01@...pur.com>
Subject: 答复: [PATCH] can current ECMP implementation support consistent hashing for next hop?
David, thank you so much for confirming it can't, I did read your cumulus document before, resilient hashing is ok for next hop remove, but it still has the same issue there if add new next hop. I know most of kernel code in Cumulus Linux has been in upstream kernel, I'm wondering why you didn't push resilient hashing to upstream kernel.
I think consistent hashing is must-have for a commercial load balancing solution, otherwise it is basically nonsense , do you Cumulus Linux have consistent hashing solution?
Is "- replacing nexthop entries as LB's come and go" ithe stuff https://docs.cumulusnetworks.com/cumulus-linux/Layer-3/Equal-Cost-Multipath-Load-Sharing-Hardware-ECMP/#resilient-hashing is showing? It can't ensure the flow is distributed to the right backend server if a new next hop is added.
-----邮件原件-----
发件人: David Ahern [mailto:dsahern@...il.com]
发送时间: 2020年6月12日 2:27
收件人: Yi Yang (杨燚)-云服务集团 <yangyi01@...pur.com>; netdev@...r.kernel.org
抄送: nikolay@...ulusnetworks.com
主题: Re: [PATCH] can current ECMP implementation support consistent hashing for next hop?
On 6/11/20 8:56 AM, Yi Yang (杨燚)-云服务集团 wrote:
> Hi, folks
>
> We need to use Linux ECMP to do active-active load balancer, but consistent hash is necessary because load balance node may be added or removed dynamically, so number of hash bucket is changeable, but we have to distribute flow to load balance node which is handling this flow and has current session state, I’m not sure if current Linux has implemented the algorithm in https://tools.ietf.org/html/rfc2992, anybody can confirm yes or no?
>
> I checked source code in https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/net/ipv4/fib_semantics.c#n2176, every next hop in fib has a upper_bound, fib_select_multipath just checks if hash value is greater than upper_bound of next hop and decide if it is selected next hop, so I don't think current linux has implemented consistent hash, please correct me if I'm wrong.
>
> Thank you all so much in advance and sincerely appreciate your help.
>
The kernel does not do resilient hashing, but I believe you can do it from userspace by updating route entries - replacing nexthop entries as LB's come and go.
Cumulus docs have a good description:
https://docs.cumulusnetworks.com/cumulus-linux/Layer-3/Equal-Cost-Multipath-Load-Sharing-Hardware-ECMP/#resilient-hashing
Download attachment "smime.p7s" of type "application/pkcs7-signature" (3600 bytes)
Powered by blists - more mailing lists