From: Cong Wang
Date: Tue, 24 Jul 2018 15:09:25 -0700
Subject: Re: [PATCH RFC/RFT net-next 00/17] net: Convert neighbor tables to per-namespace
To: David Ahern
Cc: David Miller, Linux Kernel Network Developers,
    nikita.leshchenko@oracle.com, Roopa Prabhu, Stephen Hemminger,
    Ido Schimmel, Jiri Pirko, Saeed Mahameed, Alexander Aring,
    linux-wpan@vger.kernel.org, NetFilter, LKML, "Eric W. Biederman"
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 24, 2018 at 8:14 AM David Ahern wrote:
>
> On 7/19/18 11:12 AM, Cong Wang wrote:
> > On Thu, Jul 19, 2018 at 9:16 AM David Ahern wrote:
> >>
> >> Chatting with Nikolay about this and he brought up a good corollary - ip
> >> fragmentation. It really is a similar problem in that memory is consumed
> >> as a result of packets received from an external entity. The ipfrag
> >> sysctls are per namespace with a limit that non-init_net namespaces can
> >> not set high_thresh > the current value of init_net. Potential memory
> >> consumed by fragments scales with the number of namespaces which is the
> >> primary concern with making neighbor tables per namespace.
> >
> > Nothing new, already discussed:
> > https://marc.info/?l=linux-netdev&m=140391416215988&w=2
> >
> > :)
> >
>
> Neighbor tables, bridge fdbs, vxlan fdbs and ip fragments all consume
> local memory resources due to received packets. bridge and vxlan fdb's
> are fairly straightforward analogs to neighbor entries; they are per
> device with no limits on the number of entries. Fragments have memory
> limits per namespace. So neighbor tables are the only ones with this
> strict limitation and concern on memory consumption.
>
> I get the impression there is no longer a strong resistance against
> moving the tables to per namespace, but deciding what is the right
> approach to handle backwards compatibility. Correct? Changing the
> accounting is inevitably going to be noticeable to some use case(s), but
> with sysctl settings it is a simple runtime update once the user knows
> to make the change.

This question definitely should go to Eric Biederman who was against
my proposal. Let's add Eric into CC.