From: Phil Karn <karn@ka9q.net>
To: David Miller <davem@davemloft.net>
Cc: kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: hard-coded limit on unresolved multicast route cache in ipv4/ipmr.c causes slow, unreliable creation of multicast routes on busy networks
Date: Sat, 21 Jul 2018 22:32:02 -0700 [thread overview]
Message-ID: <0e085e9b-1e49-126c-f5f7-6ce2cfdd478d@ka9q.net> (raw)
In-Reply-To: <20180721.220309.1193443933653884021.davem@davemloft.net>
On 07/21/2018 10:03 PM, David Miller wrote:
> There does have to be some limit, because we are depending upon a user
> process (mrouted or whatever) to receive the netlink message, resolve
> the cache entry, and update the kernel.
Wow, thanks for the quick response.
I notice that an "unresolved" entry seems to be created whenever the
router sees multicast traffic from a particular source to a particular
group. The entry seems to "resolve" when an IGMP membership message is
also seen for that particular group. There are a whole bunch of active
multicast streams on my UCSD network segment for which there are
apparently no listeners, and that seems to be why I always see a mroute
cache full of "unresolved" entries. (If I run a local application that
joins a group, the entry "resolves".) What puzzles me is that the Iif
field is given as "unresolved" even though we know where the multicast
traffic is coming from. We only don't know who might want it.
I'm intimately familiar with unicast IP but I'm still learning about
multicast routing so I am probably missing something important.
I tried a workaround by using iptables to block the unwanted multicast
traffic (the senders are on one well-defined non-local subnet). I
created drop entries in both the INPUT and FORWARD chains but the hit
counts remain zero. I guess the mroute table is populated before the
packets reach netfilter. Is that how it should work?
Phil
next prev parent reply other threads:[~2018-07-22 5:32 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-22 1:31 hard-coded limit on unresolved multicast route cache in ipv4/ipmr.c causes slow, unreliable creation of multicast routes on busy networks Phil Karn
2018-07-22 5:03 ` David Miller
2018-07-22 5:32 ` Phil Karn [this message]
2018-11-20 9:23 ` Hangbin Liu
[not found] ` <CADiZnkSy=rFq5xLs6RcgJDihQ1Vwo2WBBY9Fi_5jOHr8XupukQ@mail.gmail.com>
2018-11-26 6:58 ` Hangbin Liu
2018-12-04 6:51 ` Hangbin Liu
[not found] ` <CADiZnkTm3UMdZ+ivPXFeTJS+_2ZaiQh7D8wWnsw0BNGfxa0C4w@mail.gmail.com>
2018-12-19 5:55 ` David Miller
2019-06-25 6:15 ` Hangbin Liu
2019-06-25 20:03 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0e085e9b-1e49-126c-f5f7-6ce2cfdd478d@ka9q.net \
--to=karn@ka9q.net \
--cc=davem@davemloft.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).