|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3 1/3][xen-netback] add a pseudo pps rate limit
>On Tue, 2013-07-09 at 16:01 +0200, William Dauchy wrote: >> On Jul09 15:48, Sander Eikelenboom wrote: >> > Just wondering, why should this be done in the drivers ? >> > Couldn't this also be achieved with netfilter and the recent/limit modules >> > ? >> > The limit module can already handle bursts. >> >> We indeed forgot to talk about it since we already got the question from >> Wei. >> The first thing is that your comment is also true for bandwidth which is >> already present. Moreover PPS is linked to bandwidth. >> By using netfilter, PPS shaping is done on backend level, once packet >> has left the VM; which means after using an additional memory transaction >> to copy packet from frontend. IMHO, at scale, shaping in this way should >> save some memory transactions comparing to netfilter. > >Have you tried the netfilter approach and found it to be insufficient in >practice? > >I'm not sure how netfilter recent/limit is implemented but if it queues >rather than drops you would naturally find that you end up with back >pressure onto the netback device where the ring would fill with >in-progress requests and therefore netback would have to stop processing >more packets. > >Ian. > The maximum limit rate of the netfilter limit module is 10000/s that is too small nowadays. Even if the size of the packet is 1500, the bandwidth is as small as 14 MiB. So it is not a good practise to use the limit module. $ sudo iptables -I INPUT -m limit --limit 10001/s --limit-burst 100 -j RETURN iptables v1.4.19.1: Rate too fast "10001/s" -- Best, Jian _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |