| Message ID | 164781559991.306037.12052326881283461224.stgit@fed.void |
|---|---|
| Headers | show
Return-Path: <ovs-dev-bounces@openvswitch.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YdZ6OSj6; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.136; helo=smtp3.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KMCFx2WD6z9s75 for <incoming@patchwork.ozlabs.org>; Mon, 21 Mar 2022 09:33:41 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 8A43860B15; Sun, 20 Mar 2022 22:33:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Af_nKe6o29pF; Sun, 20 Mar 2022 22:33:38 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp3.osuosl.org (Postfix) with ESMTPS id 9E5BA60687; Sun, 20 Mar 2022 22:33:37 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 78A23C001A; Sun, 20 Mar 2022 22:33:37 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 22A8BC000B for <dev@openvswitch.org>; Sun, 20 Mar 2022 22:33:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 181D2402F2 for <dev@openvswitch.org>; Sun, 20 Mar 2022 22:33:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aEz0cjSC9-3R for <dev@openvswitch.org>; Sun, 20 Mar 2022 22:33:34 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp2.osuosl.org (Postfix) with ESMTPS id 86C0740154 for <dev@openvswitch.org>; Sun, 20 Mar 2022 22:33:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647815613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3DLfPBDTEI056PJsnLvsM2B/7E+JF8UqqbRrsuf+qbg=; b=YdZ6OSj6creEpubgVtZyVNubj4o8DLvTbm06vAEyOaM0jNId7k43KH2P8hpR9GSs3k3keW ytqVuwG1k9vMdjl4l36pCUcXt6HEGUr1QMECOsNjrlkezw7r62VbiQ0Vo3lTmBeHLNZAtI xQ4jVtcedeJs6MckE+n0lczDFQY85G0= Received: from mail-ej1-f71.google.com (mail-ej1-f71.google.com [209.85.218.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-621-aFxugOm_NW6xT8ykiTM0vw-1; Sun, 20 Mar 2022 18:33:30 -0400 X-MC-Unique: aFxugOm_NW6xT8ykiTM0vw-1 Received: by mail-ej1-f71.google.com with SMTP id mm20-20020a170906cc5400b006dfec7725f3so991974ejb.15 for <dev@openvswitch.org>; Sun, 20 Mar 2022 15:33:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:from:to:cc:date:message-id:user-agent :mime-version:content-transfer-encoding; bh=3DLfPBDTEI056PJsnLvsM2B/7E+JF8UqqbRrsuf+qbg=; b=Nr9S71mQhIGoBC4SalWJ2qwUivey3Y9uTnBd2/4yJGSozyWx8ns23mWLTOlGtThYlR okDZl/RFueRAAXqxaYyPvKu6DMB/ATZjoM29QQWvoOVWENUPWUrgLmXH+XII4LzGa58q UbbFUZ9Gv8mW0n8QgYTriTYPVdEkTXWHuyx5Npt248paJQlBc1Zp0pB5KWQOpAKN3NPk Ezk/O2Jl9bKSBdoYeIMUVY2y3+tH4Dtsqduun3gRLfbIzkUx/9pXN6D2eXbYbt+0Gtwj rimU5ZNHH/0AZc6Q4g+hnc8/sBgddXZsv5KxUwL7jMUgW0VKfg/Ia4owqFzLojQTVsbN PMzA== X-Gm-Message-State: AOAM530Y8ecfUVd3YM9MP17vZ/D3zB7vus85/Q0jkCLV2LI3zNjfC1T9 1FLphqkPipFLl4SeN34yUyJ1+9zQUvqvokF0vxQkEzAOu+mAI3SY4vwPgP353jNLWjGLBm8gS65 qsORQk6/XU0sVL641UdJhz6ycIFMPyJnNoRGD5RVUjZDHPYwIyIAkhsGx6Uc4LJ7Q X-Received: by 2002:a17:907:7f94:b0:6da:64ec:fabc with SMTP id qk20-20020a1709077f9400b006da64ecfabcmr18697541ejc.717.1647815608346; Sun, 20 Mar 2022 15:33:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzvUZolG7PqZ0kMbrYIuJzieQVXm7t2UFwl0aNvW7Syqq/Ptjcqwhc3qsSInN9/biNGfPGAhA== X-Received: by 2002:a17:907:7f94:b0:6da:64ec:fabc with SMTP id qk20-20020a1709077f9400b006da64ecfabcmr18697517ejc.717.1647815608008; Sun, 20 Mar 2022 15:33:28 -0700 (PDT) Received: from localhost (net-93-66-41-83.cust.vodafonedsl.it. [93.66.41.83]) by smtp.gmail.com with ESMTPSA id v2-20020a17090606c200b006a728f4a9bcsm6256266ejb.148.2022.03.20.15.33.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 20 Mar 2022 15:33:27 -0700 (PDT) From: Paolo Valerio <pvalerio@redhat.com> To: dev@openvswitch.org Date: Sun, 20 Mar 2022 23:33:19 +0100 Message-ID: <164781559991.306037.12052326881283461224.stgit@fed.void> User-Agent: StGit/1.1 MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pvalerio@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Cc: fbl@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [PATCH RFC v3 0/6] conntrack: Introduce buckets and reduce contention. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: <ovs-dev.openvswitch.org> List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe> List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/> List-Post: <mailto:ovs-dev@openvswitch.org> List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help> List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>, <mailto:ovs-dev-request@openvswitch.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org> |
| Series |
conntrack: Introduce buckets and reduce contention.
|
expand
|
This series aims to share the work done so far, and to start a discussion of a slightly different approach in terms of the way we handle the connections. It's not considered ready as further work and extensive tests are needed. These are some performance numbers obtained in the following way: ./tests/ovstest test-conntrack benchmark $i 16777216 32 1 $i baseline ct-scale ct-bucket 2 16480 ms 3527 ms 3180 ms 4 37375 ms 4997 ms 4477 ms 8 63239 ms 9692 ms 8954 ms 16 131583 ms 19303 ms 18062 ms Both ct-scale and ct-bucket introduce a noticeable improvement in terms of performace. It's worth to mention that the ct-scale, keeping the exp_lists, is more efficient during the sweeping. There are two main logical changes that the series tries to introduce. The first one is the reintroduction of buckets, the second one is the removal of the expiration lists. The first two patches are a prereq and were picked (untouched) from this series (by Gaetan): https://patchwork.ozlabs.org/project/openvswitch/list/?series=249027&state=* The third patch is a follow up of the following: https://patchwork.ozlabs.org/project/openvswitch/patch/20201129033255.64647-2-hepeng.0320@bytedance.com/ Some logic has changed, but the overall idea remained the same. Additional details in the patch description. The fourth patch introduces the buckets and removes the expiration lists. The buckets got reintroduced as cmaps instead of hmaps, trying to narrow down the critical sections as well. An alternative approach may involve the replacement of cmaps with linked lists (without increasing the number of locks), increasing the number of buckets (it could involve the ability to change the buckets number when the user changes the connection limit). This could improve the stale conns eviction during the processing of the packet, but this is currently out of scope for this series (can be discussed, though). The insertion, namely the creation of the connection, can probably be improved (or at least an improvement can be evaluated), as, in case of nat, it acquires the bucket locks calling nat_get_unique_tuple_lock(). This is needed because we may need to know the reverse tuple before locking in order to acquire the locks in the right way to avoid ABBA deadlocks. Further details about locking may be found in patch #4 description. There's a known limitation, and it is related mostly to zone limit. Keeping the stale entries, leads to a mismatch between the current number of per zone connections and the actual number of valid connections. This means that if we have a small zone limit number, we may wait a whole "next_wakeup" time before the entries get cleaned up (assuming we have candidates for removal). To avoid this, a zone clean up from the packet path has been added, but alternative approaches as triggering a per zone cleanup when a threshold of connections has been reached (storing the connections per bucket and per zone during the creation) may be still viable. Expiration lists have been removed for the sake of evaluation, but they could be included and duplicated among buckets. In this way we could distribute the contention (as a matter of fact reducing the number of connections per list) that affects the write access to a single data structure during every connection update. Patch #6 reintegrates the command below with multiple buckets: ovs-appctl dpctl/ct-bkts A couple of minor patches have been kept out of the series, for the time being, as they strongly depend on #4. Gaetan Rivet (3): conntrack: Use a cmap to store zone limits conntrack-tp: Use a cmap to store timeout policies conntrack: Use an atomic conn expiration value Paolo Valerio (2): conntrack: Split single cmap to multiple buckets. conntrack: Make ovs-appctl dpctl/ct-bkts work with multiple buckets Peng He (1): conntrack: Replaces nat_conn introducing key directionality. lib/conntrack-private.h | 60 ++- lib/conntrack-tp.c | 102 ++-- lib/conntrack.c | 1061 +++++++++++++++++++++++---------------- lib/conntrack.h | 6 +- lib/dpif-netdev.c | 5 +- tests/system-traffic.at | 5 +- 6 files changed, 706 insertions(+), 533 deletions(-)