On Thu, Jun 18, 2015 at 12:46 PM, Scott Daniels <[email protected]> wrote: > Jesse, > > Thanks. > > One follow-up in line. > > Scott > > > On Friday 2015-06-12 23:02, Jesse Gross wrote: > >> Date: Fri, 12 Jun 2015 23:02:05 >> From: Jesse Gross <[email protected]> >> To: Scott Daniels <[email protected]> >> Cc: "[email protected]" <[email protected]> >> Subject: Re: [ovs-discuss] Upcall to userspace threading question >> >> On Fri, Jun 12, 2015 at 5:29 AM, Scott Daniels <[email protected]> >> wrote: >>> >>> Currently flow setup is done in a round-robin manner based on port to >>> prevent the possibility of a denial of service attack. However, in a >>> situation where all GRE tunnels terminate on a single port (specifically >>> in >>> the case of an L3 node under Openstack) it seems to make sense to further >>> split the flow setup from a single port to prevent the possibility of a >>> similar DoS attack that affects the GRE traffic. >>> >>> Has this split been considered, and if so are there reasons that it >>> wasn't >>> implemented? >> >> >> This isn't entirely true any more (it used to be). Each port now has >> an array of sockets that packets can be queued to and flows are spread >> among them based on a hash of the flow. > > > Looking through the change log I'm not able to tell when this was introduced > -- want to make sure that we're at or beyond that point. Do you know which > version introduced this, or is there something in the source that would be > easily spotted if I had a peek?
You'll need OVS 2.3 for userspace and either the paired kernel module or the module from Linux 3.17. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
