Re: Flowtables -- any tuning hints?

From: Barney Cordoba <barney_cordoba_at_yahoo.com> Date: Tue, 14 Jul 2009 06:25:36 -0700 (PDT) · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:51 UTC

--- On Mon, 7/13/09, Kip Macy <kmacy_at_freebsd.org> wrote:

> From: Kip Macy <kmacy_at_freebsd.org>
> Subject: Re: Flowtables -- any tuning hints?
> To: "Barney Cordoba" <barney_cordoba_at_yahoo.com>
> Cc: freebsd-current_at_freebsd.org
> Date: Monday, July 13, 2009, 7:13 PM
> The flowtable was initially developed
> so that ECMP could support
> stateful load-balancing. In some ways it is a stop-gap for
> other
> areas.
> 
> > Its only a misconception if you think its the only way
> to do things, which
> > in itself is a misconception. I'm not at liberty to
> discuss specifics so i can't defend myself properly.
> >
> > I will say that designing a 10gb/s "system" that
> doesnt work well with a large number of flows kind of misses
> the target, don't you think?
> 
> If the only target that you care about is IP forwarding, I
> can respond
> with an emphatic "yes". If you're running web servers, NFS
> servers,
> stateful L3 load balancers, and many other applications,
> i.e. the
> majority of FreeBSD users, I can likewise respond with an
> emphatic
> "no". There are in fact quite a lot of users of 10Gbps that
> don't have
> hundreds of thousands of simultaneous peers.
> 
> 
> > The people who need 10gb/s are isps, universities and
> telcos; all of whom have a large number of flows. So I'm not
> sure exactly who is going to benefit from the work.
> 
> There seems to be something unusual about the "large number
> of
> prefixes" crowd in that any facility that doesn't directly
> benefit
> them is not worth having. You are not the first to step up
> and sneer
> with contempt, and yet do nothing to address the
> architectural flaws
> that hamper forwarding performance for your workload, and
> you will not
> be the last.

Actually I've done a LOT to address the issue, but I'm not free to 
contribute it because the people who've paid a lot of money to get it
done don't want to share it with their competitors. 

The issue isn't whether its "worth having". The issue is 

1) Nobody here asking you about it really has any idea about what it
is, or what benefit it will actually provide. So you'll have a lot of
people blindly using something hoping it will solve problems that they
don't begin to understand.

2) Such things tend to become ingrained in the OS because its better than
nothing. Netgraph comes to mind. Netgraph is certainly useful, but its done completely wrong from how it should be done, and its become a 
permenant fixture (and IMO a wart) on the FreeBSD project, because its existence thwarts any other development, since its "good enough" for some people. 

3) The network path is so adulterated with firewall variations, altq, dummynet, netgraph, and now flowtables its getting to be quite a joke. 
You guys can't come up with a clean hooking mechanism that doesn't make 
the OS code look like a scorecard for a 24 inning baseball game? 

That being said, it just seems to me that a non-scalable solution to the
problem of the OS not scaling well seems like a questionable effort. 

Barney