All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net,
	thomas.lendacky@amd.com, f.fainelli@gmail.com,
	ariel.elior@cavium.com, michael.chan@broadcom.com,
	santosh@chelsio.com, madalin.bucur@nxp.com,
	yisen.zhuang@huawei.com, salil.mehta@huawei.com,
	jeffrey.t.kirsher@intel.com, tariqt@mellanox.com,
	saeedm@mellanox.com, jiri@mellanox.com, idosch@mellanox.com,
	jakub.kicinski@netronome.com, peppe.cavallaro@st.com,
	grygorii.strashko@ti.com, andrew@lunn.ch,
	vivien.didelot@savoirfairelinux.com, alexandre.torgue@st.com,
	joabreu@synopsys.com, linux-net-drivers@solarflare.com,
	ganeshgr@chelsio.com, ogerlitz@mellanox.com,
	Manish.Chopra@cavium.com
Subject: Re: [PATCH net-next,v3 00/12] add flow_rule infrastructure
Date: Mon, 26 Nov 2018 20:33:36 +0100	[thread overview]
Message-ID: <20181126193336.6vpumuc2ekt6oudy@salvia> (raw)
In-Reply-To: <20181122210832.GD14375@localhost.localdomain>

Hi Marcelo,

On Thu, Nov 22, 2018 at 07:08:32PM -0200, Marcelo Ricardo Leitner wrote:
> On Thu, Nov 22, 2018 at 02:22:20PM -0200, Marcelo Ricardo Leitner wrote:
> > On Wed, Nov 21, 2018 at 03:51:20AM +0100, Pablo Neira Ayuso wrote:
> > > Hi,
> > > 
> > > This patchset is the third iteration [1] [2] [3] to introduce a kernel
> > > intermediate (IR) to express ACL hardware offloads.
> > 
> > On v2 cover letter you had:
> > 
> > """
> > However, cost of this layer is very small, adding 1 million rules via
> > tc -batch, perf shows:
> > 
> >      0.06%  tc               [kernel.vmlinux]    [k] tc_setup_flow_action
> > """
> > 
> > The above doesn't include time spent on children calls and I'm worried
> > about the new allocation done by flow_rule_alloc(), as it can impact
> > rule insertion rate. I'll run some tests here and report back.
> 
> I'm seeing +60ms on 1.75s (~3.4%) to add 40k flower rules on ingress
> with skip_hw and tc in batch mode, with flows like:
> 
> filter add dev p6p2 parent ffff: protocol ip prio 1 flower skip_hw
> src_mac ec:13:db:00:00:00 dst_mac ec:14:c2:00:00:00 src_ip
> 56.0.0.0 dst_ip 55.0.0.0 action drop
> 
> Only 20ms out of those 60ms were consumed within fl_change() calls
> (considering children calls), though.
> 
> Do you see something similar?  I used current net-next (d59da3fbfe3f)
> and with this patchset applied.

I see lots of send() and recv() in tc -batch via strace, using this
example rule, repeating it N times:

        filter add dev eth0 parent ffff: protocol ip pref 1 flower dst_mac f4:52:14:10:df:92 action mirred egress redirect dev eth1

This is taking ~8 seconds for 40k rules from my old laptop [*], this
is already not too fast (without my patchset).

I remember we discussed about adding support for real batching for tc
- probably we can probably do this transparently by assuming that if the
skbuff length mismatches nlmsghdr->len field, then we enter the batch
mode from the kernel. This would require to update iproute2 to use
libmnl batching routines, or code that follows similar approach
otherwise.

[*] 0.5 seconds in nft (similar ruleset), this is using netlink batching.

  reply	other threads:[~2018-11-27  6:28 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-21  2:51 [PATCH net-next,v3 00/12] add flow_rule infrastructure Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 01/12] flow_dissector: add flow_rule and flow_match structures and use them Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 02/12] net/mlx5e: support for two independent packet edit actions Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 03/12] flow_dissector: add flow action infrastructure Pablo Neira Ayuso
2018-11-22  4:47   ` Florian Fainelli
2018-11-21  2:51 ` [PATCH net-next,v3 04/12] cls_api: add translator to flow_action representation Pablo Neira Ayuso
2018-11-21 21:15   ` Marcelo Ricardo Leitner
2018-11-21 23:48     ` Pablo Neira Ayuso
2018-11-22 16:33   ` Marcelo Ricardo Leitner
2018-11-21  2:51 ` [PATCH net-next,v3 05/12] cls_flower: add statistics retrieval infrastructure and use it Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 06/12] drivers: net: use flow action infrastructure Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 07/12] cls_flower: don't expose TC actions to drivers anymore Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 08/12] flow_dissector: add wake-up-on-lan and queue to flow_action Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 09/12] flow_dissector: add basic ethtool_rx_flow_spec to flow_rule structure translator Pablo Neira Ayuso
2018-11-22  4:57   ` Florian Fainelli
2018-11-22  6:19     ` Jiri Pirko
2018-11-22  4:59   ` Florian Fainelli
2018-11-22  6:21     ` Jiri Pirko
2018-11-21  2:51 ` [PATCH net-next,v3 10/12] dsa: bcm_sf2: use flow_rule infrastructure Pablo Neira Ayuso
2018-11-22  4:56   ` Florian Fainelli
2018-11-21  2:51 ` [PATCH net-next,v3 11/12] qede: place ethtool_rx_flow_spec after code after TC flower codebase Pablo Neira Ayuso
2018-11-21  2:51 ` [PATCH net-next,v3 12/12] qede: use ethtool_rx_flow_rule() to remove duplicated parser code Pablo Neira Ayuso
2018-11-22 16:59   ` Marcelo Ricardo Leitner
2018-11-22 16:22 ` [PATCH net-next,v3 00/12] add flow_rule infrastructure Marcelo Ricardo Leitner
2018-11-22 21:08   ` Marcelo Ricardo Leitner
2018-11-26 19:33     ` Pablo Neira Ayuso [this message]
2018-11-26 20:28       ` Marcelo Ricardo Leitner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181126193336.6vpumuc2ekt6oudy@salvia \
    --to=pablo@netfilter.org \
    --cc=Manish.Chopra@cavium.com \
    --cc=alexandre.torgue@st.com \
    --cc=andrew@lunn.ch \
    --cc=ariel.elior@cavium.com \
    --cc=davem@davemloft.net \
    --cc=f.fainelli@gmail.com \
    --cc=ganeshgr@chelsio.com \
    --cc=grygorii.strashko@ti.com \
    --cc=idosch@mellanox.com \
    --cc=jakub.kicinski@netronome.com \
    --cc=jeffrey.t.kirsher@intel.com \
    --cc=jiri@mellanox.com \
    --cc=joabreu@synopsys.com \
    --cc=linux-net-drivers@solarflare.com \
    --cc=madalin.bucur@nxp.com \
    --cc=marcelo.leitner@gmail.com \
    --cc=michael.chan@broadcom.com \
    --cc=netdev@vger.kernel.org \
    --cc=ogerlitz@mellanox.com \
    --cc=peppe.cavallaro@st.com \
    --cc=saeedm@mellanox.com \
    --cc=salil.mehta@huawei.com \
    --cc=santosh@chelsio.com \
    --cc=tariqt@mellanox.com \
    --cc=thomas.lendacky@amd.com \
    --cc=vivien.didelot@savoirfairelinux.com \
    --cc=yisen.zhuang@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.