[ovs-dev] Tunable flow eviction threshold

Jesse Gross jesse at nicira.com
Wed Jul 27 19:17:03 UTC 2011


On Wed, Jul 27, 2011 at 11:14 AM, Ethan Jackson <ethan at nicira.com> wrote:
>> One strategy that I have considered is to be able to ask only for flows
>> that have a non-zero packet count.  That would help with the common case
>> where, when there is a large number of flows, they are caused by a port
>> scan or some other activity with 1-packet flows.  It wouldn't help at
>> all in your case.
>
> You could also have the kernel pass down to userspace what logically
> amounts to a list of the flows which have had their statistics change
> in the past 10 seconds.  A bloom filter would be a sensible approach.
> Again, probably won't help at all in Simon's case, and may or may not
> be a useful optimization above simply not pushing down statistics for
> flows which have a zero packet count.

I don't think that you could implement a Bloom filter like this in a
manner that wouldn't cause cache contention.  Probably you would still
need to iterate over every flow in the kernel, you would just be
comparing last used time to current time - 10 instead of packet count
not equal to zero.

To me, optimizing for port scans doesn't seem like a particularly
common or useful case and I don't think this will help all that much
in an attack scenario.

Ethan's suggestion would also help with aging but it's still O(n) and
then userspace has to do a diff of the flows to know which ones to
evict.
