[ovs-dev] [PATCH v3 5/5] doc: ConnTracker cfg parameters.

Fischetti, Antonio antonio.fischetti at intel.com
Fri Dec 15 19:07:06 UTC 2017


Thanks Darrell and Stephen for your suggestions. 
I'll rework accordingly in v4.

Antonio

> -----Original Message-----
> From: Darrell Ball [mailto:dball at vmware.com]
> Sent: Monday, December 11, 2017 6:02 PM
> To: Fischetti, Antonio <antonio.fischetti at intel.com>;
> dev at openvswitch.org
> Subject: Re: [ovs-dev] [PATCH v3 5/5] doc: ConnTracker cfg parameters.
> 
> Thanks Antonio for doing this.
> 
> 1/ Given the comments on patches 2-4, I think the documentation would
> change in dpctl.man to be attribute specific, if
>      we go that route.
>      I did not write it up yet, but most of it would be obvious.
>      One exception is how a case where setting a limit is handled when
> the limit is already exceeded – this needs documentation.
>      I think the simple and robust approach is to set the attribute
> regardless without affecting existing connections.  When existing
>      connections time out, the limit would be enforced. This is what the
> proposed code does.
> 
> 2/ I also think the userspace connection tracker documentation does not
> belong in dpdk documentation.
>      Part of the content in intro/install/dpdk.rst could be moved to
> dpctl.man.
>      dpctl.man is pulled into ovs-vswitchd.8.pdf.
> 
> 3/ The documentation in dpctl.man would mention that support is
> presently only in the userspace connection tracker.
> 
> Thanks Darrell
> 
> 
> 
> On 10/13/17, 1:28 AM, "ovs-dev-bounces at openvswitch.org on behalf of
> antonio.fischetti at intel.com" <ovs-dev-bounces at openvswitch.org on behalf
> of antonio.fischetti at intel.com> wrote:
> 
>     Update documentation with the new commands to Read/Write
>     ConnTracker configuration parameters.
> 
>     CC: Kevin Traynor <ktraynor at redhat.com>
>     CC: Darrell Ball <dlu998 at gmail.com>
>     Signed-off-by: Antonio Fischetti <antonio.fischetti at intel.com>
>     ---
>      Documentation/intro/install/dpdk.rst | 25 +++++++++++++++++++++++++
>      lib/dpctl.man                        | 10 ++++++++++
>      2 files changed, 35 insertions(+)
> 
>     diff --git a/Documentation/intro/install/dpdk.rst
> b/Documentation/intro/install/dpdk.rst
>     index bb69ae5..a1f259c 100644
>     --- a/Documentation/intro/install/dpdk.rst
>     +++ b/Documentation/intro/install/dpdk.rst
>     @@ -568,6 +568,31 @@ not needed i.e. jumbo frames are not needed, it
> can be forced off by adding
>      chains of descriptors it will make more individual virtio
> descriptors available
>      for rx to the guest using dpdkvhost ports and this can improve
> performance.
> 
>     +Connection Tracker
>     +~~~~~~~~~~~~~~~~~~
>     +
>     +When the Connection Tracker is enabled the overall performance can
> be deeply
>     +affected, even with simple firewall rules and with stateless
> protocols like
>     +UDP.  In order to find a better tuning, commands like
>     +
>     +::
>     +
>     +    $ ovs-appctl dpctl/ct-get-glbl-cfg <cfg param>
>     +    $ ovs-appctl dpctl/ct-set-glbl-cfg <cfg param>=<value>
>     +
>     +allow respectively to read the current value, or set a new value to
> a
>     +configuration parameter.
>     +For example, to reduce the impact of the Connection Tracker load on
> the
>     +system performance, the maximum number of tracked connections can
> be
>     +reduced.
>     +
>     +The available configuration parameters are:
>     +
>     +- maxconn: Maximum number of connections managed by the Connection
> Tracker
>     +  module. It's both readable and writeable.
>     +- totconn: Total number of connections currently managed by the
> Connection
>     +  Tracker module. Readable only.
>     +
>      Limitations
>      ------------
> 
>     diff --git a/lib/dpctl.man b/lib/dpctl.man
>     index 675fe5a..64ad105 100644
>     --- a/lib/dpctl.man
>     +++ b/lib/dpctl.man
>     @@ -235,3 +235,13 @@ For each ConnTracker bucket, displays the
> number of connections used
>      by \fIdp\fR.
>      If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed
> when
>      the number of connections in a bucket is greater than
> \fIThreshold\fR.
>     +.
>     +.TP
>     +\*(DX\fBct\-get\-glbl\-cfg\fR [\fIdp\fR] \fBparam\fR
>     +Read the current value of the specified ConnTracker parameter used
>     +by \fIdp\fR.
>     +.
>     +.TP
>     +\*(DX\fBct\-set\-glbl\-cfg\fR [\fIdp\fR] \fBparam=\fI..\fR
>     +Set a value to the specified ConnTracker parameter used
>     +by \fIdp\fR.
>     --
>     2.4.11
> 
>     _______________________________________________
>     dev mailing list
>     dev at openvswitch.org
>     https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__mail.openvswitch.org_mailman_listinfo_ovs-
> 2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-
> uZnsw&m=vXZ1YIrzm8yx9y_G6RlRqBJPOyEO6liY9bXSHzA0uAE&s=PHKAZck2m0ZlG-
> WVDIVcLP56XP-S94YZ2m0pGqDmjPc&e=
> 
> 
> 



More information about the dev mailing list