Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp2336354rwl; Thu, 13 Apr 2023 05:15:57 -0700 (PDT) X-Google-Smtp-Source: AKy350Z0NcTt5WmUhbqvhwL3xjP6hZYhtS0UckJSt1oQoeNJLrCK6R9K4fyL07/uduHeVJbqVvTU X-Received: by 2002:a17:902:d484:b0:19c:e664:5e64 with SMTP id c4-20020a170902d48400b0019ce6645e64mr2589458plg.2.1681388156768; Thu, 13 Apr 2023 05:15:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681388156; cv=none; d=google.com; s=arc-20160816; b=sZEiGN162uTz3lm+SPN1PUCs8juULKpByxXWgDu+e7lk4VPkq8HxJwQszjhuXIxg7F gRG15Uq4gPW0LdH3ZPjy94XoQj4J77B5Kvn8Ohs3+Tpa5JIRW+o+VS6R2D0kGcb/9drQ tyu2WGK5mDi8kGQn75xBLVpkdC8OCoyaTXlg0ttkiwM4treVbw4BBzuC6s4lLkqPfQOY /mXws4Ib/OcpJ+xIaX9W8OFLqQz4MoL7t00It5NDyelqneGMDOVL3EgCyLqpNigK40CU QPdYeXtItnehbsV3je/qeciPJ0IQWcgy1y9PUvvvIUAy/ZJ8G8tJfLE7Z9YDXvDi1ocX FYCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date; bh=JtIQspAs33630R68JYOZhIWqkALr8V1QCAAf3l5+rF4=; b=wfSzGaKbj9wnmHm/3vTa3uKiWcbcq1Nq9A6FBcojrvrsLkP28BLv2l2+gn5pql1A9l Ln73jMhRLeRlxilBCba0EisZ4d+l24hDujzm/KYWmQ+K+U+ilZ2h2G1DO+0gv2o9CTC/ OeYIzCmjEJQ0/NQ2AcznOK3aELlmKy+1CCrPKn/IKzShw9BCgkxFbP0wNDjj8+9lFwRS X4pDLeE+jKWK15Ku8KSBtPMl/v/layTER8kkWujH1cQ7ppkQKjlPGrVDkkpw7Rizbo/V boezxaB/XgQPm5WeOFJml7sb7i5Gxxm7NOlrt/3k8jbBEbXw3DPCdvF45Anrq4woJZbb D3TA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ssi.bg Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ji5-20020a170903324500b001a5089fe47fsi1833031plb.326.2023.04.13.05.15.39; Thu, 13 Apr 2023 05:15:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ssi.bg Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229793AbjDMMBh (ORCPT + 99 others); Thu, 13 Apr 2023 08:01:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229480AbjDMMBf (ORCPT ); Thu, 13 Apr 2023 08:01:35 -0400 Received: from mg.ssi.bg (mg.ssi.bg [193.238.174.37]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3A98E0; Thu, 13 Apr 2023 05:01:33 -0700 (PDT) Received: from mg.ssi.bg (localhost [127.0.0.1]) by mg.bb.i.ssi.bg (Proxmox) with ESMTP id 15BDAD636; Thu, 13 Apr 2023 14:49:22 +0300 (EEST) Received: from ink.ssi.bg (ink.ssi.bg [193.238.174.40]) by mg.bb.i.ssi.bg (Proxmox) with ESMTPS id F37ABD632; Thu, 13 Apr 2023 14:49:21 +0300 (EEST) Received: from ja.ssi.bg (unknown [178.16.129.10]) by ink.ssi.bg (Postfix) with ESMTPS id 8D15F3C0322; Thu, 13 Apr 2023 14:49:14 +0300 (EEST) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by ja.ssi.bg (8.17.1/8.16.1) with ESMTP id 33DBnCGp027072; Thu, 13 Apr 2023 14:49:13 +0300 Date: Thu, 13 Apr 2023 14:49:12 +0300 (EEST) From: Julian Anastasov To: Abhijeet Rastogi cc: Simon Horman , Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] ipvs: change ip_vs_conn_tab_bits range to [8,31] In-Reply-To: <20230412-increase_ipvs_conn_tab_bits-v1-1-60a4f9f4c8f2@gmail.com> Message-ID: References: <20230412-increase_ipvs_conn_tab_bits-v1-1-60a4f9f4c8f2@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Wed, 12 Apr 2023, Abhijeet Rastogi via B4 Relay wrote: > From: Abhijeet Rastogi > > Current range [8, 20] is set purely due to historical reasons > because at the time, ~1M (2^20) was considered sufficient. > > Previous change regarding this limit is here. > > Link: https://lore.kernel.org/all/86eabeb9dd62aebf1e2533926fdd13fed48bab1f.1631289960.git.aclaudi@redhat.com/T/#u > > Signed-off-by: Abhijeet Rastogi > --- > The conversation for this started at: > > https://www.spinics.net/lists/netfilter/msg60995.html > > The upper limit for algo is any bit size less than 32, so this > change will allow us to set bit size > 20. Today, it is common to have > RAM available to handle greater than 2^20 connections per-host. This is not a limit of number of connections. I prefer not to allow value above 24 without adding checks for the available memory, this more concern for 32-bit. Blindly allocating 2^20 (1048576 pointers which is 8MB) should not cause OOM but selecting large value and then using this kernel on boxes with less memory is dangerous. > Distros like RHEL already have higher limits set. > --- > net/netfilter/ipvs/Kconfig | 4 ++-- > net/netfilter/ipvs/ip_vs_conn.c | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig > index 271da8447b29..3e3371f8c0f9 100644 > --- a/net/netfilter/ipvs/Kconfig > +++ b/net/netfilter/ipvs/Kconfig > @@ -44,7 +44,7 @@ config IP_VS_DEBUG > > config IP_VS_TAB_BITS > int "IPVS connection table size (the Nth power of 2)" > - range 8 20 > + range 8 31 > default 12 > help > The IPVS connection hash table uses the chaining scheme to handle > @@ -54,7 +54,7 @@ config IP_VS_TAB_BITS > > Note the table size must be power of 2. The table size will be the > value of 2 to the your input number power. The number to choose is > - from 8 to 20, the default number is 12, which means the table size > + from 8 to 31, the default number is 12, which means the table size > is 4096. Don't input the number too small, otherwise you will lose > performance on it. You can adapt the table size yourself, according > to your virtual server application. It is good to set the table size > diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c > index 13534e02346c..bc0fe1a698d4 100644 > --- a/net/netfilter/ipvs/ip_vs_conn.c > +++ b/net/netfilter/ipvs/ip_vs_conn.c > @@ -1484,8 +1484,8 @@ int __init ip_vs_conn_init(void) > int idx; > > /* Compute size and mask */ > - if (ip_vs_conn_tab_bits < 8 || ip_vs_conn_tab_bits > 20) { > - pr_info("conn_tab_bits not in [8, 20]. Using default value\n"); > + if (ip_vs_conn_tab_bits < 8 || ip_vs_conn_tab_bits > 31) { > + pr_info("conn_tab_bits not in [8, 31]. Using default value\n"); > ip_vs_conn_tab_bits = CONFIG_IP_VS_TAB_BITS; > } > ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; > > --- > base-commit: 09a9639e56c01c7a00d6c0ca63f4c7c41abe075d > change-id: 20230412-increase_ipvs_conn_tab_bits-4322c90da216 > > Best regards, > -- > Abhijeet Rastogi Regards -- Julian Anastasov