Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7336276yba; Thu, 2 May 2019 08:13:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqxjZSG+sJLdPykwScS+n+O2sMY675sUSIB2Q1Zr0ArHWVDJjAxn2yH2WUDVS2MLydYfMVH5 X-Received: by 2002:aa7:8dc3:: with SMTP id j3mr4704772pfr.141.1556810011432; Thu, 02 May 2019 08:13:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556810011; cv=none; d=google.com; s=arc-20160816; b=OremXOYhiS6WV1ZJ8pogWdbgeQEFS2Nd0ZqWOZy7HjqxBeMxyIYNW2sIcf5sYNAN7R WBQwfBLGgR11uqpVASMjZqgLsxgh3fmvS3WU5u0qbVHt4xjG3fzegM7PIHHFrTXHKB9A C4A1+M5VMkzh4/bvUKf6mNNJR1bhwH6zehlpcOUjxV0S3RuURcNciSlLDTz6CMI6gsZs LWTxeSPusKmfzSRYWGFTZMAeBIOjNWaEGtgYpR7IFzkGAJVYtBVppEVoq36hvJp4ozJe sBX3wDqEYKD6hBfXk2b+ChGfgoSUZZGIiKIhVWTqhSTnHfLPFb8Kdiel60mlWAU7/LZX YWhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:from:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date; bh=1PH3n7dAbddNA1CaZQ004AqUr0Sby7XlEaD1X2RFnX0=; b=KGDpTgkZtBHDUytIz8hrP5xJIkyrAAc9wGSrK+JXkbxjcKhuEk522FoFEcP7x81EFw KK8pbfdwA4uamQaNNk3S/+fziscNAF+WGNGufjjEiAuzoTvRRP1N4T/iB52jChWiizBY UrKdvNVbqMlRKVrip+0HkQgHCyDO38uv0z0LGm0tlyzqYN9lprxiCGaFh2BYXVBC9XVq IxVNkzc+XRqd9kDvcujguX2rSsvTCVHrqAYsIU4hyr3lbSo5bwMTArFIlkMY/DqqNmVc KO2/o/8tY9BldFWiicMHVOdBgfgpzsLhvy6a0Snpa58Mifrk/OVJboKi8KcFROLMXx93 uG9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=csclub.uwaterloo.ca Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p1si43600536plo.212.2019.05.02.08.13.15; Thu, 02 May 2019 08:13:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=csclub.uwaterloo.ca Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726466AbfEBPLn (ORCPT + 99 others); Thu, 2 May 2019 11:11:43 -0400 Received: from caffeine.csclub.uwaterloo.ca ([129.97.134.17]:52225 "EHLO caffeine.csclub.uwaterloo.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726270AbfEBPLm (ORCPT ); Thu, 2 May 2019 11:11:42 -0400 Received: by caffeine.csclub.uwaterloo.ca (Postfix, from userid 20367) id 3485F461D3A; Thu, 2 May 2019 11:11:40 -0400 (EDT) Date: Thu, 2 May 2019 11:11:40 -0400 To: Alexander Duyck Cc: LKML , Netdev , intel-wired-lan Subject: Re: [Intel-wired-lan] i40e X722 RSS problem with NAT-Traversal IPsec packets Message-ID: <20190502151140.gf5ugodqamtdd5tz@csclub.uwaterloo.ca> References: <20190501205215.ptoi2czhklte5jbm@csclub.uwaterloo.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) From: lsorense@csclub.uwaterloo.ca (Lennart Sorensen) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 01, 2019 at 03:52:57PM -0700, Alexander Duyck wrote: > I'm not sure how RSS will do much for you here. Basically you only > have the source IP address as your only source of entropy when it > comes to RSS since the destination IP should always be the same if you > are performing a server role and terminating packets on the local > system and as far as the ports in your example you seem to only be > using 4500 for both the source and the destination. I have thousands of IPsec clients connecting. Simply treating them as normal UDP packets would work. The IP address is different, and often the port too. > In your testing are you only looking at a point to point connection > between two systems, or do you have multiple systems accessing the > system you are testing? I ask as the only way this should do any > traffic spreading via RSS would be if the source IPs are different and > that would require multiple client systems accessing the server. I tried changing the client IP address and the RSS hash key. It never changed to another queue. Something is broken. > In the case of other encapsulation types over UDP, such as VXLAN, I > know that a hash value is stored in the UDP source port location > instead of the true source port number. This allows the RSS hashing to > occur on this extra information which would allow for a greater > diversity in hash results. Depending on how you are generating the ESP > encapsulation you might look at seeing if it would be possible to have > a hash on the inner data used as the UDP source port in the outgoing > packets. This would help to resolve this sort of issue. Well it works on every other network card except this one. Every other intel card in the past we have used had no problem doing this right. You want all the packets for a given ipsec tunnel to go to the same queue. That is not a problem here. What you don't want is every ipsec packet from everyone going to the same queue (always queue 0). So simply treating them as UDP packets with a source and destination IP and port would work perfectly fine. The X722 isn't doing that. It is always assigning a hash value of 0 to these packets. -- Len Sorensen