[ovs-discuss] Upcall to userspace threading question
Jesse Gross
jesse at nicira.com
Fri Jun 19 00:26:40 UTC 2015
On Thu, Jun 18, 2015 at 12:46 PM, Scott Daniels
<daniels at research.att.com> wrote:
> Jesse,
>
> Thanks.
>
> One follow-up in line.
>
> Scott
>
>
> On Friday 2015-06-12 23:02, Jesse Gross wrote:
>
>> Date: Fri, 12 Jun 2015 23:02:05
>> From: Jesse Gross <jesse at nicira.com>
>> To: Scott Daniels <daniels at research.att.com>
>> Cc: "discuss at openvswitch.org" <discuss at openvswitch.org>
>> Subject: Re: [ovs-discuss] Upcall to userspace threading question
>>
>> On Fri, Jun 12, 2015 at 5:29 AM, Scott Daniels <daniels at research.att.com>
>> wrote:
>>>
>>> Currently flow setup is done in a round-robin manner based on port to
>>> prevent the possibility of a denial of service attack. However, in a
>>> situation where all GRE tunnels terminate on a single port (specifically
>>> in
>>> the case of an L3 node under Openstack) it seems to make sense to further
>>> split the flow setup from a single port to prevent the possibility of a
>>> similar DoS attack that affects the GRE traffic.
>>>
>>> Has this split been considered, and if so are there reasons that it
>>> wasn't
>>> implemented?
>>
>>
>> This isn't entirely true any more (it used to be). Each port now has
>> an array of sockets that packets can be queued to and flows are spread
>> among them based on a hash of the flow.
>
>
> Looking through the change log I'm not able to tell when this was introduced
> -- want to make sure that we're at or beyond that point. Do you know which
> version introduced this, or is there something in the source that would be
> easily spotted if I had a peek?
You'll need OVS 2.3 for userspace and either the paired kernel module
or the module from Linux 3.17.
More information about the discuss
mailing list