[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 1/3][xen-netback] add a pseudo pps rate limit

Thursday, December 18, 2014, 9:13:18 AM, you wrote:

>>On Tue, 2013-07-09 at 16:01 +0200, William Dauchy wrote:
>>> On Jul09 15:48, Sander Eikelenboom wrote:
>>> > Just wondering, why should this be done in the drivers ?
>>> > Couldn't this also be achieved with netfilter and the recent/limit 
>>> > modules ?
>>> > The limit module can already handle bursts.
>>> We indeed forgot to talk about it since we already got the question from
>>> Wei.
>>> The first thing is that your comment is also true for bandwidth which is
>>> already present. Moreover PPS is linked to bandwidth.
>>> By using netfilter, PPS shaping is done on backend level, once packet
>>> has left the VM; which means after using an additional memory transaction
>>> to copy packet from frontend. IMHO, at scale, shaping in this way should
>>> save some memory transactions comparing to netfilter.
>>Have you tried the netfilter approach and found it to be insufficient in
>>I'm not sure how netfilter recent/limit is implemented but if it queues
>>rather than drops you would naturally find that you end up with back
>>pressure onto the netback device where the ring would fill with
>>in-progress requests and therefore netback would have to stop processing
>>more packets.

> The maximum limit rate of the netfilter limit module is 10000/s that is too
>  small nowadays. Even if the size of the packet is 1500, the bandwidth is
> as small as 14 MiB. So it is not a good practise to use the limit module.

> $  sudo iptables -I INPUT -m limit --limit 10001/s --limit-burst 100 -j RETURN
> iptables v1.4.19.1: Rate too fast "10001/s"

And using TC / qdisc ? (http://lartc.org/manpages/tc.txt)

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.