[ovs-discuss] Sending UDP traffic in openflow network
Ben Pfaff
blp at nicira.com
Thu Oct 27 03:24:13 UTC 2011
On Wed, Oct 26, 2011 at 10:22:18PM -0500, Shan Hu wrote:
> Im trying to test the QoS Rate-Limiting of Kernel vSwitch, i use iperf
> as my measurement tool. Everything is working fine with TCP part,that
> is, after i limit rate of one port to, say 50Mbps, the rate is limited
> to 50Mbps correctly and packets are tranferred 100%. But when i turn
> to UDP part,i ran into problems.I have to limit bandwidth to at most
> 4Mbps in order to tranfer 100% packets.And if i use bandwidth more
> than 4Mbps, the lost packets increase, the worst packet lost
> percentage is almost 99%.
Are you using policing? The documentation says a lot about problems
with policing:
Ingress Policing:
These settings control ingress policing for packets received on this
interface. On a physical interface, this limits the rate at which
traffic is allowed into the system from the outside; on a virtual
interface (one connected to a virtual machine), this limits the rate at
which the VM is able to transmit.
Policing is a simple form of quality-of-service that simply drops pack-
ets received in excess of the configured rate. Due to its simplicity,
policing is usually less accurate and less effective than egress QoS
(which is configured using the QoS and Queue tables).
Policing is currently implemented only on Linux. The Linux implementa-
tion uses a simple ``token bucket'' approach:
o The size of the bucket corresponds to ingress_polic-
ing_burst. Initially the bucket is full.
o Whenever a packet is received, its size (converted to
tokens) is compared to the number of tokens currently in
the bucket. If the required number of tokens are avail-
able, they are removed and the packet is forwarded. Oth-
erwise, the packet is dropped.
o Whenever it is not full, the bucket is refilled with
tokens at the rate specified by ingress_policing_rate.
Policing interacts badly with some network protocols, and especially
with fragmented IP packets. Suppose that there is enough network
activity to keep the bucket nearly empty all the time. Then this token
bucket algorithm will forward a single packet every so often, with the
period depending on packet size and on the configured rate. All of the
fragments of an IP packets are normally transmitted back-to-back, as a
group. In such a situation, therefore, only one of these fragments
will be forwarded and the rest will be dropped. IP does not provide
any way for the intended recipient to ask for only the remaining frag-
ments. In such a case there are two likely possibilities for what will
happen next: either all of the fragments will eventually be retransmit-
ted (as TCP will do), in which case the same problem will recur, or the
sender will not realize that its packet has been dropped and data will
simply be lost (as some UDP-based protocols will do). Either way, it
is possible that no forward progress will ever occur.
ingress_policing_rate: integer, at least 0
Maximum rate for data received on this interface, in kbps. Data
received faster than this rate is dropped. Set to 0 (the
default) to disable policing.
ingress_policing_burst: integer, at least 0
Maximum burst size for data received on this interface, in kb.
The default burst size if set to 0 is 1000 kb. This value has
no effect if ingress_policing_rate is 0.
Specifying a larger burst size lets the algorithm be more for-
giving, which is important for protocols like TCP that react se-
verely to dropped packets. The burst size should be at least
the size of the interface's MTU. Specifying a value that is
numerically at least as large as 10% of ingress_policing_rate
helps TCP come closer to achieving the full rate.
If you're not using policing, please tell us about your configuration.
More information about the discuss
mailing list