Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp3889969imm; Tue, 17 Jul 2018 12:03:13 -0700 (PDT) X-Google-Smtp-Source: AAOMgperTerkz9Si9iyG7IMcapeTDdg0KmgqdZ1SLwhNFavhmpN7V2SEf9YmDz7s3fCyR9JJP0P+ X-Received: by 2002:a62:d34a:: with SMTP id q71-v6mr1902397pfg.17.1531854193745; Tue, 17 Jul 2018 12:03:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531854193; cv=none; d=google.com; s=arc-20160816; b=StCclpRLvoHCQz/EUXEUCH9M6kCOE4RHZtDZxbaMl+cCpt5vboS1SUPPKL0JuqrnrW aaic1U+00d2UqdK/OAnU/ewqcgShw8OjhKy5YsSj38PmHcKOFNIp/BXxZ8kM6FNVoI2W KyN+Op8muwCtmKOwsKcfqvF7CSvBJ4bLNEMf/J2XQVgMW2W1q9d7kv2TdGDkx/FWxQqv aawHhUkPJw6BzXmQwuhQ4BalabHJooXjx8AM1wQyHQB0SSAsmv7Lmf8DOEltSvY33xsD 3rNQsfaaqppwgeA2w4m4udIBueYce4KIgCx9MBhqFAJCwBUnFfpC4ek+ziGoqykCQVE3 BRdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=ldvO+jgqLWwJPNAzX4H3vUxbDijlWzwNyDW88/cWLuU=; b=N82Eq/Q4A6EtbsmbuUZai7o8/KHykEjygBoQWJ/InWOP8aC2YcYPpn/xQeShqrGbA2 VtOaGW8Sy2/rYURNNjyV1QAod8BDpaAaaVZlMsIELwJafZjjzLUoNlR/DC58HYEHogfH wU4fEZJL3Xw9Ehnq9/rh+2FibUQU8ripzPSW9fXDGXuW59yACtVgeO5iRxMJhcw02kKk QFMLaO0fk9CiLDASnDM2Ye/x02DpjbJFtBuJPpr4P86tW5b6DeiVakO0xfU5kL4iu8DG 6TNqZdSUrZzXHUad+RCc7OrOVUvEkLh4PxT/pI+FSbPitFr/bk7mkRd0xVR36os5lxGY N3pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=AtHJUaPx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u5-v6si1451570pls.372.2018.07.17.12.02.57; Tue, 17 Jul 2018 12:03:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=AtHJUaPx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730054AbeGQTgW (ORCPT + 99 others); Tue, 17 Jul 2018 15:36:22 -0400 Received: from mail-pf0-f196.google.com ([209.85.192.196]:37609 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729720AbeGQTgV (ORCPT ); Tue, 17 Jul 2018 15:36:21 -0400 Received: by mail-pf0-f196.google.com with SMTP id a26-v6so951873pfo.4; Tue, 17 Jul 2018 12:02:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ldvO+jgqLWwJPNAzX4H3vUxbDijlWzwNyDW88/cWLuU=; b=AtHJUaPxHVtCPEyEMbDqOlV6Lf8CaoySvnHl1q1mW0vjb4ahlxhrq+EoGTkO6OTiXg u66uZ4Lyk+eIl4UXgAbg7Iagn0BedXcKWBpzx44dLKg0BvPhAevPcq+yNABL0NdNk2IO nqukcDl/1kTYvfWf1uAoSe/7H3I7sseILSuOFfOXJPxVKfXIpfNttHZAHdk12G96Bisi jvwnlt62tKv+H6TSu36v+s6AlXUKj+I6mqT8bNbmu2shbE50YHeTHlQSNmjQHE1VYtG8 rjwr2/YBh5opasMvgF+c8Z0mGG8SMe0kq30qYEwSVZrsPW+iuL5HmQ13CQWjBHBnN/1o RajQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ldvO+jgqLWwJPNAzX4H3vUxbDijlWzwNyDW88/cWLuU=; b=Tjs/4mIusAH4F4xDm2UMBJv21E5OYcb3ih1mskZ7gACfrS9uSCQ0Wc7fcc/AC8bdnK uPMt6YMPxQSIm7dp6G1kuTNp6TjltJWfjx2DvXhnW0OxWQCy2glpRCK4zwdFhOel1vd+ jbJMc5JXi2dblfvjky0LKkFk+OMUvEGUDINQ1XPihsxCWH82i7Me+jxHVSS4VtAoRbl0 RcvdV/bCU+ZqaEH2IkZY6qTAqPVNYO8t5kLwfJZ2uORg9hgT6VKYAT9ZseH41hTgDJ3u Vf3aagm7GTeqvsWl7NKriYnYMM/F9YtylfoFU6NI7qg9JPr18TE+DqAuO9UGWpAux4uU ZM1Q== X-Gm-Message-State: AOUpUlGr2OCdi8LKgq1O8x0o2UtmFQkQ8kxA/IgfTjyHS91XHRYUGTnX Nh8ZJEbr+Eu3JppeGQ0WOCBdRaEm X-Received: by 2002:a63:5542:: with SMTP id f2-v6mr2413563pgm.37.1531854141797; Tue, 17 Jul 2018 12:02:21 -0700 (PDT) Received: from dsa-mb.local ([2601:282:800:fd80:442b:d01f:635c:39ec]) by smtp.googlemail.com with ESMTPSA id 21-v6sm10229836pgx.20.2018.07.17.12.02.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 12:02:20 -0700 (PDT) Subject: Re: [PATCH RFC/RFT net-next 00/17] net: Convert neighbor tables to per-namespace To: Cong Wang Cc: Linux Kernel Network Developers , nikita.leshchenko@oracle.com, Roopa Prabhu , Stephen Hemminger , Ido Schimmel , Jiri Pirko , Saeed Mahameed , alex.aring@gmail.com, linux-wpan@vger.kernel.org, NetFilter , LKML References: <20180717120651.15748-1-dsahern@kernel.org> <1a3f59a9-0ba5-c83f-16a6-f9550a84f693@gmail.com> From: David Ahern Message-ID: <1a27e301-3275-b349-a2f8-afdfdc02f04f@gmail.com> Date: Tue, 17 Jul 2018 13:02:18 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/17/18 11:53 AM, Cong Wang wrote: > You can see the original discussion here: > https://marc.info/?l=linux-netdev&m=140356141019653&w=2 > Thanks for the reference. I was surprised that the tables are still global. A number of objections raised in that thread were due to a large patch tackling multiple issues. This set is focused one thing - moving the tables to net - and does so in small incremental changes to make it easy to review. One of DaveM's comments: "Finally, another problem are permanent neigh entries as those cannot be reclaimed, that might be part of the main problem here. One idea wrt. permanent entries is that we could decide that, since they are administratively added, they don't count against the thresholds and limits." this is another we have hit and with same thinking ... permanent entries should not count in the gc numbers. We need to address this for EVPN. As for the per-namespace tables, it is 4 years later and over that time Linux supports a number of features: EVPN which is very mac heavy, VRR which doubles mac entries (one against the VRR device and one against the lower device) and NOS level features such as mlxsw which has to ensure mac entries for nexthop gateaways stay active. In addition there are other features on the horizon - like the ability to use namespaces to create virtual switches (what Cisco calls a VDC) where you absolutely want isolation and not allowing entries from virtual switch to evict entries from another. And of course the continued proliferation of containerized workloads where isolation is desired. I understand the concern about global resource and limits: as it stands you have to increase the limits in init_net to the max expected and hope for the best. With per namespace limits you can lower the limits of each namespace better control the total impact on the total memory used. Perhaps the defaults for namespaces after init_net could have really low defaults (e.g., 16 / 32 / 64 for gc_thresh 1/2/3) requiring admin intervention.