James Carlson wrote:
> Garrett D'Amore writes:
>
>> ip_addrs_per_if: this should not need to be tuned. A better design
>> would make it effectively unlimited.
>>
> [...]
> Peter Memishian writes:
> [...]
>
>> I'd argue ip_addr_per_if is a bug given that the number of IP interfaces
>> on the system is not bounded. Why are we carrying this tunable forward?
>>
> [...]
>
> We fixed the kernel problems that caused us to need ip_addr_per_if
> back in Solaris 10 with the SolarMAX project.
>
> The reason it's still there is out of fear of badly-written user space
> programs, and (in particular) SNMP. Having a very large number of
> addresses per interface could cause those applications either to
> consume all memory or all CPU or perhaps both.
>
Those "badly written" applications live in userland. This particular
problem is exactly what "resource limits" are designed to cover.
The site that runs into such a problem can easily alleviate the
situation by reducing the number of interfaces actually configured.
Since these are normally manually configured, it shouldn't be a big problem.
Having a tunable to work around these applications is Just Wrong, IMO.
We don't provide similar limits for any other kind of resource to
protect applications with crummy assumptions -- e.g. maximum number of
filesystems, maximum number of users, largest file size, system memory,
maximum number of processes, etc.
-- Garrett
> I guess if we're going to consider all user space programs that fail
> to scale with huge numbers of interfaces to be "broken," then removing
> the tunable and the limit itself would be a good thing.
>
>
