On Jun 6, 2012, at 2:52 AM, Oliver Francke wrote: > @Justin: Any other recommendations?
Are you also having many short-lived flows? If you're in the range I mentioned in my response to Kaushal (roughly 120,000 flow setups per second), then the forthcoming 1.7.0 release may be enough for you. > If it's worth, I could try to start a new thread, but talking about high > CPU-load, how do you all handle something like SYN-FLOOD attacks and stuff > like that? Each datapath has 16 queues that connect the kernel to userspace. We assign each port to one of those queues, which will help prevent a port from starving the other ports. Our use-case is to prevent one VM from starving out the others. In Kaushal's case, he using OVS more like a bump-in-the-wire than a vswitch, meaning that he's not concerned with a bad actor at the port level. We've got a couple of people traveling this week, but when they get back, I plan to discuss how we may be able to provide finer-grained control over flow setups for vswitch deployments, since our current approach is rather coarse and can lead to queue collisions. I've also written Kaushal off-line to see if I can get more information about his situation. --Justin _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
