| Message ID | 1507883117-24347-6-git-send-email-antonio.fischetti@intel.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Darrell Ball |
| Headers | show |
| Series | Conntrack: add commands to r/w CT parameters. | expand |
On Fri, 2017-10-13 at 09:25 +0100, antonio.fischetti@intel.com wrote: > Update documentation with the new commands to Read/Write > ConnTracker configuration parameters. > > CC: Kevin Traynor <ktraynor@redhat.com> > CC: Darrell Ball <dlu998@gmail.com> > Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com> One nit below, but otherwise LGTM. Acked-by: Stephen Finucane <stephen@that.guru> > --- > Documentation/intro/install/dpdk.rst | 25 +++++++++++++++++++++++++ > lib/dpctl.man | 10 ++++++++++ > 2 files changed, 35 insertions(+) > > diff --git a/Documentation/intro/install/dpdk.rst > b/Documentation/intro/install/dpdk.rst > index bb69ae5..a1f259c 100644 > --- a/Documentation/intro/install/dpdk.rst > +++ b/Documentation/intro/install/dpdk.rst > @@ -568,6 +568,31 @@ not needed i.e. jumbo frames are not needed, it can be > forced off by adding > chains of descriptors it will make more individual virtio descriptors > available > for rx to the guest using dpdkvhost ports and this can improve performance. > > +Connection Tracker > +~~~~~~~~~~~~~~~~~~ > + > +When the Connection Tracker is enabled the overall performance can be deeply > +affected, even with simple firewall rules and with stateless protocols like > +UDP. In order to find a better tuning, commands like > + > +:: > + > + $ ovs-appctl dpctl/ct-get-glbl-cfg <cfg param> > + $ ovs-appctl dpctl/ct-set-glbl-cfg <cfg param>=<value> > + > +allow respectively to read the current value, or set a new value to a > +configuration parameter. > +For example, to reduce the impact of the Connection Tracker load on the > +system performance, the maximum number of tracked connections can be > +reduced. > + > +The available configuration parameters are: > + > +- maxconn: Maximum number of connections managed by the Connection Tracker > + module. It's both readable and writeable. > +- totconn: Total number of connections currently managed by the Connection > + Tracker module. Readable only. nit: This section would probably read better as a definition list ``maxconn`` Maximum number of connections... ``totconn`` Total number of connections... > + > Limitations > ------------ > > diff --git a/lib/dpctl.man b/lib/dpctl.man > index 675fe5a..64ad105 100644 > --- a/lib/dpctl.man > +++ b/lib/dpctl.man > @@ -235,3 +235,13 @@ For each ConnTracker bucket, displays the number of > connections used > by \fIdp\fR. > If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed when > the number of connections in a bucket is greater than \fIThreshold\fR. > +. > +.TP > +\*(DX\fBct\-get\-glbl\-cfg\fR [\fIdp\fR] \fBparam\fR > +Read the current value of the specified ConnTracker parameter used > +by \fIdp\fR. > +. > +.TP > +\*(DX\fBct\-set\-glbl\-cfg\fR [\fIdp\fR] \fBparam=\fI..\fR > +Set a value to the specified ConnTracker parameter used > +by \fIdp\fR.
Thanks Antonio for doing this.
1/ Given the comments on patches 2-4, I think the documentation would change in dpctl.man to be attribute specific, if
we go that route.
I did not write it up yet, but most of it would be obvious.
One exception is how a case where setting a limit is handled when the limit is already exceeded – this needs documentation.
I think the simple and robust approach is to set the attribute regardless without affecting existing connections. When existing
connections time out, the limit would be enforced. This is what the proposed code does.
2/ I also think the userspace connection tracker documentation does not belong in dpdk documentation.
Part of the content in intro/install/dpdk.rst could be moved to dpctl.man.
dpctl.man is pulled into ovs-vswitchd.8.pdf.
3/ The documentation in dpctl.man would mention that support is presently only in the userspace connection tracker.
Thanks Darrell
On 10/13/17, 1:28 AM, "ovs-dev-bounces@openvswitch.org on behalf of antonio.fischetti@intel.com" <ovs-dev-bounces@openvswitch.org on behalf of antonio.fischetti@intel.com> wrote:
Update documentation with the new commands to Read/Write
ConnTracker configuration parameters.
CC: Kevin Traynor <ktraynor@redhat.com>
CC: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com>
---
Documentation/intro/install/dpdk.rst | 25 +++++++++++++++++++++++++
lib/dpctl.man | 10 ++++++++++
2 files changed, 35 insertions(+)
diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst
index bb69ae5..a1f259c 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -568,6 +568,31 @@ not needed i.e. jumbo frames are not needed, it can be forced off by adding
chains of descriptors it will make more individual virtio descriptors available
for rx to the guest using dpdkvhost ports and this can improve performance.
+Connection Tracker
+~~~~~~~~~~~~~~~~~~
+
+When the Connection Tracker is enabled the overall performance can be deeply
+affected, even with simple firewall rules and with stateless protocols like
+UDP. In order to find a better tuning, commands like
+
+::
+
+ $ ovs-appctl dpctl/ct-get-glbl-cfg <cfg param>
+ $ ovs-appctl dpctl/ct-set-glbl-cfg <cfg param>=<value>
+
+allow respectively to read the current value, or set a new value to a
+configuration parameter.
+For example, to reduce the impact of the Connection Tracker load on the
+system performance, the maximum number of tracked connections can be
+reduced.
+
+The available configuration parameters are:
+
+- maxconn: Maximum number of connections managed by the Connection Tracker
+ module. It's both readable and writeable.
+- totconn: Total number of connections currently managed by the Connection
+ Tracker module. Readable only.
+
Limitations
------------
diff --git a/lib/dpctl.man b/lib/dpctl.man
index 675fe5a..64ad105 100644
--- a/lib/dpctl.man
+++ b/lib/dpctl.man
@@ -235,3 +235,13 @@ For each ConnTracker bucket, displays the number of connections used
by \fIdp\fR.
If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed when
the number of connections in a bucket is greater than \fIThreshold\fR.
+.
+.TP
+\*(DX\fBct\-get\-glbl\-cfg\fR [\fIdp\fR] \fBparam\fR
+Read the current value of the specified ConnTracker parameter used
+by \fIdp\fR.
+.
+.TP
+\*(DX\fBct\-set\-glbl\-cfg\fR [\fIdp\fR] \fBparam=\fI..\fR
+Set a value to the specified ConnTracker parameter used
+by \fIdp\fR.
--
2.4.11
_______________________________________________
dev mailing list
dev@openvswitch.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=vXZ1YIrzm8yx9y_G6RlRqBJPOyEO6liY9bXSHzA0uAE&s=PHKAZck2m0ZlG-WVDIVcLP56XP-S94YZ2m0pGqDmjPc&e=
Thanks Darrell and Stephen for your suggestions. I'll rework accordingly in v4. Antonio > -----Original Message----- > From: Darrell Ball [mailto:dball@vmware.com] > Sent: Monday, December 11, 2017 6:02 PM > To: Fischetti, Antonio <antonio.fischetti@intel.com>; > dev@openvswitch.org > Subject: Re: [ovs-dev] [PATCH v3 5/5] doc: ConnTracker cfg parameters. > > Thanks Antonio for doing this. > > 1/ Given the comments on patches 2-4, I think the documentation would > change in dpctl.man to be attribute specific, if > we go that route. > I did not write it up yet, but most of it would be obvious. > One exception is how a case where setting a limit is handled when > the limit is already exceeded – this needs documentation. > I think the simple and robust approach is to set the attribute > regardless without affecting existing connections. When existing > connections time out, the limit would be enforced. This is what the > proposed code does. > > 2/ I also think the userspace connection tracker documentation does not > belong in dpdk documentation. > Part of the content in intro/install/dpdk.rst could be moved to > dpctl.man. > dpctl.man is pulled into ovs-vswitchd.8.pdf. > > 3/ The documentation in dpctl.man would mention that support is > presently only in the userspace connection tracker. > > Thanks Darrell > > > > On 10/13/17, 1:28 AM, "ovs-dev-bounces@openvswitch.org on behalf of > antonio.fischetti@intel.com" <ovs-dev-bounces@openvswitch.org on behalf > of antonio.fischetti@intel.com> wrote: > > Update documentation with the new commands to Read/Write > ConnTracker configuration parameters. > > CC: Kevin Traynor <ktraynor@redhat.com> > CC: Darrell Ball <dlu998@gmail.com> > Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com> > --- > Documentation/intro/install/dpdk.rst | 25 +++++++++++++++++++++++++ > lib/dpctl.man | 10 ++++++++++ > 2 files changed, 35 insertions(+) > > diff --git a/Documentation/intro/install/dpdk.rst > b/Documentation/intro/install/dpdk.rst > index bb69ae5..a1f259c 100644 > --- a/Documentation/intro/install/dpdk.rst > +++ b/Documentation/intro/install/dpdk.rst > @@ -568,6 +568,31 @@ not needed i.e. jumbo frames are not needed, it > can be forced off by adding > chains of descriptors it will make more individual virtio > descriptors available > for rx to the guest using dpdkvhost ports and this can improve > performance. > > +Connection Tracker > +~~~~~~~~~~~~~~~~~~ > + > +When the Connection Tracker is enabled the overall performance can > be deeply > +affected, even with simple firewall rules and with stateless > protocols like > +UDP. In order to find a better tuning, commands like > + > +:: > + > + $ ovs-appctl dpctl/ct-get-glbl-cfg <cfg param> > + $ ovs-appctl dpctl/ct-set-glbl-cfg <cfg param>=<value> > + > +allow respectively to read the current value, or set a new value to > a > +configuration parameter. > +For example, to reduce the impact of the Connection Tracker load on > the > +system performance, the maximum number of tracked connections can > be > +reduced. > + > +The available configuration parameters are: > + > +- maxconn: Maximum number of connections managed by the Connection > Tracker > + module. It's both readable and writeable. > +- totconn: Total number of connections currently managed by the > Connection > + Tracker module. Readable only. > + > Limitations > ------------ > > diff --git a/lib/dpctl.man b/lib/dpctl.man > index 675fe5a..64ad105 100644 > --- a/lib/dpctl.man > +++ b/lib/dpctl.man > @@ -235,3 +235,13 @@ For each ConnTracker bucket, displays the > number of connections used > by \fIdp\fR. > If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed > when > the number of connections in a bucket is greater than > \fIThreshold\fR. > +. > +.TP > +\*(DX\fBct\-get\-glbl\-cfg\fR [\fIdp\fR] \fBparam\fR > +Read the current value of the specified ConnTracker parameter used > +by \fIdp\fR. > +. > +.TP > +\*(DX\fBct\-set\-glbl\-cfg\fR [\fIdp\fR] \fBparam=\fI..\fR > +Set a value to the specified ConnTracker parameter used > +by \fIdp\fR. > -- > 2.4.11 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__mail.openvswitch.org_mailman_listinfo_ovs- > 2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih- > uZnsw&m=vXZ1YIrzm8yx9y_G6RlRqBJPOyEO6liY9bXSHzA0uAE&s=PHKAZck2m0ZlG- > WVDIVcLP56XP-S94YZ2m0pGqDmjPc&e= > > >
diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index bb69ae5..a1f259c 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -568,6 +568,31 @@ not needed i.e. jumbo frames are not needed, it can be forced off by adding chains of descriptors it will make more individual virtio descriptors available for rx to the guest using dpdkvhost ports and this can improve performance. +Connection Tracker +~~~~~~~~~~~~~~~~~~ + +When the Connection Tracker is enabled the overall performance can be deeply +affected, even with simple firewall rules and with stateless protocols like +UDP. In order to find a better tuning, commands like + +:: + + $ ovs-appctl dpctl/ct-get-glbl-cfg <cfg param> + $ ovs-appctl dpctl/ct-set-glbl-cfg <cfg param>=<value> + +allow respectively to read the current value, or set a new value to a +configuration parameter. +For example, to reduce the impact of the Connection Tracker load on the +system performance, the maximum number of tracked connections can be +reduced. + +The available configuration parameters are: + +- maxconn: Maximum number of connections managed by the Connection Tracker + module. It's both readable and writeable. +- totconn: Total number of connections currently managed by the Connection + Tracker module. Readable only. + Limitations ------------ diff --git a/lib/dpctl.man b/lib/dpctl.man index 675fe5a..64ad105 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -235,3 +235,13 @@ For each ConnTracker bucket, displays the number of connections used by \fIdp\fR. If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed when the number of connections in a bucket is greater than \fIThreshold\fR. +. +.TP +\*(DX\fBct\-get\-glbl\-cfg\fR [\fIdp\fR] \fBparam\fR +Read the current value of the specified ConnTracker parameter used +by \fIdp\fR. +. +.TP +\*(DX\fBct\-set\-glbl\-cfg\fR [\fIdp\fR] \fBparam=\fI..\fR +Set a value to the specified ConnTracker parameter used +by \fIdp\fR.
Update documentation with the new commands to Read/Write ConnTracker configuration parameters. CC: Kevin Traynor <ktraynor@redhat.com> CC: Darrell Ball <dlu998@gmail.com> Signed-off-by: Antonio Fischetti <antonio.fischetti@intel.com> --- Documentation/intro/install/dpdk.rst | 25 +++++++++++++++++++++++++ lib/dpctl.man | 10 ++++++++++ 2 files changed, 35 insertions(+)