[ovs-dev] [PATCH v3 00/16] Userspace (DPDK) connection tracker
Fischetti, Antonio
antonio.fischetti at intel.com
Thu Jun 2 09:13:37 UTC 2016
Thanks Daniele,
Antonio
> -----Original Message-----
> From: Daniele Di Proietto [mailto:diproiettod at vmware.com]
> Sent: Wednesday, June 1, 2016 7:34 PM
> To: Fischetti, Antonio <antonio.fischetti at intel.com>
> Cc: dev at openvswitch.org
> Subject: Re: [ovs-dev] [PATCH v3 00/16] Userspace (DPDK) connection
> tracker
>
> Hi Antonio,
>
> I did some very simple benchmarks of the connection tracker
> between two phy ports (OpenFlow port 1 and 2).
>
> This is the flow table: it doesn't stress classification,
> but it includes one recirculation:
>
> ct_state=-trk,actions=ct(commit,table=0)
> in_port=1,ct_state=+trk,actions=2
>
>
> With 64-bytes UDP packets:
>
> n_connections | throughput(Mpps)
> 2 | 5.01
> 10 | 4.76
> 100 | 4.07
> 1000 | 2.82
> 10000 | 1.83
> 100000 | 1.44
> 1000000 | 1.13
> 3000000 | 1.11
>
> I think most of the drop between 100 and 1000 is due to EMC misses.
>
> I also did some TCP testing with netperf TCP_STREAM, but I didn't
> notice
> any difference if I removed the ct action from the pipeline, so the
> connection tracker is not the bottleneck (we can easily move 10Gbps
> of
> TCP 1500 bytes traffic, but that's not a significant result).
>
> Thanks,
>
> Daniele
>
> On 26/05/2016 02:45, "Fischetti, Antonio"
> <antonio.fischetti at intel.com> wrote:
>
> >Hi Daniele,
> >do you have any performance figures related to this implementation?
> >I know that performance may change quite a lot depending on the type
> >of traffic data.
> >
> >Thanks,
> >Antonio
> >
> >> -----Original Message-----
> >> From: dev [mailto:dev-bounces at openvswitch.org] On Behalf Of
> Daniele
> >> Di Proietto
> >> Sent: Tuesday, May 17, 2016 1:56 AM
> >> To: dev at openvswitch.org
> >> Subject: [ovs-dev] [PATCH v3 00/16] Userspace (DPDK) connection
> >> tracker
> >>
> >> This series aims to implement the ct() action for the dpif-netdev
> >> datapath.
> >> The bulk of the code is in the new conntrack module: it contains
> some
> >> packet
> >> parsing code, some lookup tables and the logic to implements all
> the
> >> ct bits.
> >>
> >> The conntrack module is helped by conntrack-tcp, for TCP window
> and
> >> flags
> >> tracking: the bulk of the code of this submodule is from the
> >> FreeBSD's pf
> >> subsystem, therefore is BSD licensed.
> >>
> >> The rest of the series integrates the connection tracker with the
> >> rest of
> >> OVS: the ct() action is implemented in dpif-netdev, and the
> debugging
> >> interfaces required by dpctl/{dump,flush}-conntrack are
> implemented.
> >>
> >> Besides adding some unit tests, this series ports the existing
> >> conntrack
> >> system test to the userspace datapath. Some small modifications
> are
> >> required to pass the testsuite, and some tests still have to be
> >> skipped.
> >>
> >> This can also be downloaded at:
> >>
> >> https://github.com/ddiproietto/ovs/tree/userconntrack_20160516
> >>
> >> Any feedback is appreciated, thanks.
> >>
> >> v2 -> v3:
> >> * Rebased.
> >> * Squashed commits for flushing (in dpif-netdev and conntrack).
> >> * Squashed commits for dumping (in dpif-netdev and conntrack).
> >> * Use adaptive mutex instead of spinlock: this prevents livelock
> >> if the cleanup thread is executed on the same CPU as a
> forwarding
> >> thread. Performance impact in minimal.
> >> * Validate L3 and L4 checksum.
> >> * Use proper L3 and L4 checksum in hardcoded packets in system and
> >> unit
> >> tests.
> >> * Consider ICMPv6 as well as ICMP in l4_protos and
> conn_key_to_tuple.
> >> * Mention conntrack in NEWS and FAQ.md.
> >> * Use uint16_t for ct_state.
> >> * Fix possible NULL dereference for conn in process_one().
> >> * Add OVS_U128_MIN, OVS_U128_ZERO.
> >> * Use HMAP_FOR_EACH_POP.
> >> * Check that UDP length is valid.
> >> * Style fix: prefer 'sizeof *object' instead of 'sizeof type'
> >> * Don't accept packets from/to UDP/TCP port 0.
> >> * Use defines for timeouts.
> >> * Check expiration inside lookup loop in conn_key_lookup().
> >> * Limit the number of connections.
> >> * Simplify case if tcp_get_wscale().
> >> * Introduce general INT_MOD_* macros for comparisons in modular
> >> arithmetic.
> >> * Improve comments.
> >> * New cleanup mechanism: we keep connections in an ordered list
> and
> >> we have
> >> a separate thread to performs the cleanup. This doesn't block
> the
> >> main
> >> thread for long intervals anymore.
> >> * Correctly fill UDP length and UDP/TCP/ICMP checksums in
> >> flow_compose():
> >> it's useful to write testcases for the connection tracker.
> >> * Added system test with ICMP traffic through the connection
> tracker.
> >> * Track ICMP type and code.
> >>
> >> v1 -> v2:
> >> * Fixed bug in tcp_get_wscale(), related to TCP options parsing.
> >> * Changed names of ICMP constants: now they're different from
> Linux
> >> and
> >> FreeBSD.
> >> * Fixed bug in parse_ipv6_ext_hdrs().
> >> * Used ALWAYS_INLINE in parse_vlan and parse_ethertype, to avoid a
> >> performance regression in miniflow_extract().
> >> * Updated copyright info in COPYING and debian/copyright.in.
> >> * Rebased.
> >> * Changed batching strategy in conntrack_execute() to allow a
> newly
> >> created connection to be picked up by packets in the same batch.
> >> * Added an ovs-test module to throw pcap files at the connection
> >> tracker.
> >> * Added a workaround for the userspace testsuite on new kernels
> and a
> >> tcp
> >> non-conntrack test.
> >>
> >>
> >> Daniele Di Proietto (16):
> >> packets: Define ICMP types.
> >> flow: Export parse_ipv6_ext_hdrs().
> >> flow: Introduce parse_dl_type().
> >> conntrack: New userspace connection tracker.
> >> conntrack: Periodically delete expired connections.
> >> tests: Add very simple conntrack benchmark.
> >> tests: Add test-conntrack pcap test.
> >> dpif-netdev: Execute conntrack action.
> >> dpif-netdev: Implement conntrack dump functions.
> >> dpif-netdev: Implement conntrack flush interface.
> >> flow: Fill udp_len in flow_compose_l4().
> >> flow: Generate checksum in flow_compose().
> >> tests: Add conntrack ofproto-dpif tests.
> >> system-tests: Run conntrack tests with userspace.
> >> system-tests: Add ping through conntrack test.
> >> conntrack: Track ICMP type and code.
> >>
> >> COPYING | 1 +
> >> FAQ.md | 2 +-
> >> NEWS | 2 +
> >> debian/copyright.in | 4 +
> >> include/openvswitch/types.h | 4 +
> >> lib/automake.mk | 6 +
> >> lib/conntrack-icmp.c | 105 ++++
> >> lib/conntrack-other.c | 86 +++
> >> lib/conntrack-private.h | 113 ++++
> >> lib/conntrack-tcp.c | 499 +++++++++++++++
> >> lib/conntrack.c | 1237
> >> ++++++++++++++++++++++++++++++++++++++
> >> lib/conntrack.h | 201 +++++++
> >> lib/ct-dpif.c | 24 +-
> >> lib/ct-dpif.h | 3 +-
> >> lib/dpif-netdev.c | 133 +++-
> >> lib/flow.c | 201 ++++---
> >> lib/flow.h | 4 +
> >> lib/netlink-conntrack.c | 2 +-
> >> lib/packets.h | 14 +-
> >> lib/util.h | 9 +
> >> tests/automake.mk | 1 +
> >> tests/dpif-netdev.at | 14 +-
> >> tests/ofproto-dpif.at | 896 +++++++++++++++++++++++--
> --
> >> tests/system-kmod-macros.at | 28 +
> >> tests/system-traffic.at | 149 ++++-
> >> tests/system-userspace-macros.at | 45 +-
> >> tests/test-conntrack.c | 236 ++++++++
> >> 27 files changed, 3780 insertions(+), 239 deletions(-)
> >> create mode 100644 lib/conntrack-icmp.c
> >> create mode 100644 lib/conntrack-other.c
> >> create mode 100644 lib/conntrack-private.h
> >> create mode 100644 lib/conntrack-tcp.c
> >> create mode 100644 lib/conntrack.c
> >> create mode 100644 lib/conntrack.h
> >> create mode 100644 tests/test-conntrack.c
> >>
> >> --
> >> 2.1.4
> >>
> >> _______________________________________________
> >> dev mailing list
> >> dev at openvswitch.org
> >> http://openvswitch.org/mailman/listinfo/dev
More information about the dev
mailing list