Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1409264imm; Tue, 2 Oct 2018 07:47:38 -0700 (PDT) X-Google-Smtp-Source: ACcGV602wAgsrn8OL3QRrYvQW7muoLmLJe4jXXxTQSVoVpk4PWpRct2VOhvxkhjenJCqf+d4ZCAr X-Received: by 2002:a17:902:64c2:: with SMTP id y2-v6mr17089065pli.35.1538491658275; Tue, 02 Oct 2018 07:47:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538491658; cv=none; d=google.com; s=arc-20160816; b=mlBBbktN8yBIQPsvktNn64k7bKwZQWLpGxoq2KD6wi0k9wgNQ6sAhII3/tk7gaZV2P 8RDJ8OcR6psImlwuVU8UGiNsfxLoONvcY06EEOEKtPS5C46Lzy71MAjq5vhPMh9/uOkb mTNyTM3N/5S9usK56mGPcLIC6ZSKOt++2Km0ifThjYdRQ3vdtVw/gISsYMVT6h83mi9n qqBBDbUu59fVVqSsegqXeGEVgUw3gQJwYcMb23Eal14gDZSzU10/D8JNZ5ourPSA8lnd RGu1dancowJGADE/3PSPhR1ILcy6pm+IdI2eP9E4euG3PuSDV/1yylqtdB01Kwqs4J02 e8uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:user-agent:message-id:date:subject:cc:to :from; bh=ffAjENg7P737uYetCFjtq46zpTLm+OUuDon95qidyGI=; b=VIBrA5sM6DvHbeZLCIt2CJh6Z/3O6Jj03KeaWEw/3w+nDi3BXs4PNIS4L6lUj8ZHoA Bw9fz/InnzDOl1DVZlwXywWMPe5dgC5SIbgELHSMhvTNqu2Z9MzjPljfHjFuv5v6SBGl br6bRJthVmqphf2jv1pYPEbpVuaYsPUwTRZokhKOIa9vdmoKStTn8gTWmZT/0mtyUyx6 rchBlQTaKH4JqL6RjefbqVsb5Su323VyLfrSiLJTKO7Oy2RJeUxUHPn3hYAt55GjaeOz WzTQUf1PKKvhtHPyiI628RtRajkFr+6xTirEPmSjVfL4Bc9zk2waq2C68diV+Muf1ojq ujbQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c126-v6si16408009pfa.130.2018.10.02.07.47.22; Tue, 02 Oct 2018 07:47:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728321AbeJBV3n convert rfc822-to-8bit (ORCPT + 99 others); Tue, 2 Oct 2018 17:29:43 -0400 Received: from mailin.studentenwerk.mhn.de ([141.84.225.229]:35576 "EHLO email.studentenwerk.mhn.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726787AbeJBV3n (ORCPT ); Tue, 2 Oct 2018 17:29:43 -0400 Received: from mailhub.studentenwerk.mhn.de (mailhub.studentenwerk.mhn.de [127.0.0.1]) by email.studentenwerk.mhn.de (Postfix) with ESMTP id 42Phm50RVyzMl0T; Tue, 2 Oct 2018 16:45:57 +0200 (CEST) From: Wolfgang Walter To: Florian Westphal Cc: Steffen Klassert , David Miller , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, torvalds@linux-foundation.org, christophe.gouault@6wind.com Subject: Re: Regression: kernel 4.14 an later very slow with many ipsec tunnels Date: Tue, 02 Oct 2018 16:45:56 +0200 Message-ID: <4708967.r5gU1pxIcW@stwm.de> User-Agent: KMail/4.14.3 (Linux/4.14.61-debian64.all+1.1; KDE/4.14.13; x86_64; ; ) In-Reply-To: <20180914055437.77pffp2jrbfnykbp@breakpoint.cc> References: <20180913135844.3ut6fxgx67t6ndtu@breakpoint.cc> <20180914050651.GD23674@gauss3.secunet.de> <20180914055437.77pffp2jrbfnykbp@breakpoint.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Content-Type: text/plain; charset="iso-8859-1" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, Am Freitag, 14. September 2018, 07:54:37 schrieb Florian Westphal: > Steffen Klassert wrote: > > On Thu, Sep 13, 2018 at 11:03:25PM +0200, Florian Westphal wrote: > > > David Miller wrote: > > > > From: Florian Westphal > > > > Date: Thu, 13 Sep 2018 18:38:48 +0200 > > > > > > > > > Wolfgang Walter wrote: > > > > >> What I can say is that it depends mainly on number of policy rules > > > > >> and SA. > > > > > > > > > > Thats already a good hint, I guess we're hitting long hash chains in > > > > > xfrm_policy_lookup_bytype(). > > > > > > > > I don't really see how recent changes can influence that. > > > > > > I don't think there is a recent change that did this. > > > > > > Walter says < 4.14 is ok, so this is likely related to flow cache > > > removal. > > > > > > F.e. it looks like all prefixed policies end up in a linked list > > > (net->xfrm.policy_inexact) and are not even in a hash table. > > > > > > I am staring at b58555f1767c9f4e330fcf168e4e753d2d9196e0 > > > but can't figure out how to configure that away from the > > > 'no hashing for prefixed policies' default or why we even have > > > policy_inexact in first place :/ > > > > The hash threshold can be configured like this: > > > > ip x p set hthresh4 0 0 > > > > This sets the hash threshold to local /0 and remote /0 netmasks. > > With this configuration, all policies should go to the hashtable. > > Yes, but won't they all be hashed to same bucket? > > [ jhash(addr & 0, addr & 0) ] ? > > > Default hash thresholds are local /32 and remote /32 netmasks, so > > all prefixed policies go to the inexact list. > > Yes. > > Wolfgang, before having to work on getting perf into your router image > can you perhaps share a bit of info about the policies you're using? > > How many are there? Are they prefixed or not ("10.1.2.1")? Since my last reply to this message I didn't get a reply: is there any progress how to fix this performance regression I missed? Or are we stuck here with longterm kernel 4.9 for a long time? Regards, -- Wolfgang Walter Studentenwerk M?nchen Anstalt des ?ffentlichen Rechts