[ovs-discuss] Limit packets per second on a port

Jesse Gross jesse at nicira.com
Thu Sep 15 21:12:58 UTC 2011


On Sep 15, 2011 1:54 PM, "Sébastien Riccio" <sr at swisscenter.com> wrote:
>
> On 15.09.2011 22:47, Ben Pfaff wrote:
>>
>> On Thu, Sep 15, 2011 at 10:36:43PM +0200, S?bastien Riccio wrote:
>>>
>>> I'm still working on a topic I've already discussed before: I just
>>> dont want a VM to be able for example
>>> to be able to udp flood at a maximum rate  and bring the whole thing
>>> down and unresponsive.
>>
>> Oh, OK.  For that, you really want to limit the maximum of flows, not
>> the maximum number of packets, or, even better, just ensure that there
>> is fairness among ports.
>>
>> I think Jesse's patch to improve this behavior should come along soon.
>>
>
> Ok, yes, you told me about this patch. I was just digging a bit deeper
trying to figure if there was another way to do it :) It's a quite important
issue for service providers that hosts customers on virtual machines. Any of
them could, even unintentionally (hacked vm), tear down the whole host.
That's why I thought about limiting packets rate to prevent this.

This type of rate limit won't help anyways because the CPU time will have
already been spent by the time the packet is dropped.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20110915/81dd2e59/attachment.html>


More information about the discuss mailing list