[ovs-discuss] Upcall to userspace threading question
Scott Daniels
daniels at research.att.com
Fri Jun 12 12:29:28 UTC 2015
Currently flow setup is done in a round-robin manner based on port to
prevent the possibility of a denial of service attack. However, in a
situation where all GRE tunnels terminate on a single port (specifically
in the case of an L3 node under Openstack) it seems to make sense to
further split the flow setup from a single port to prevent the
possibility of a similar DoS attack that affects the GRE traffic.
Has this split been considered, and if so are there reasons that it
wasn't implemented?
Somewhat related, when an action list contains a sample action it causes
the packet to be cloned and sent to userspace. The way I read it the
samples share the same upcall path as flow setup upcalls. Given that
sampling would be pushing larger packets into the upcall path, compared
to SYNs during flow setup, I assume that if the sampling rate were too
aggressive that this could lead to a full upcall queue which would have
a negative impact on other traffic.
Has there been any thought given to splitting the sampling upcalls from
the rest of the upcall "traffic?"
Thanks,
Scott
------------------------------------------------------------------------
E. Scott Daniels
PMTS - Cloud Software Research
AT&T Labs - Research
daniels AT research.att.com
More information about the discuss
mailing list