James Carlson wrote:
Garrett D'Amore writes:
ip_addrs_per_if: this should not need to be tuned. A better design
would make it effectively unlimited.
[...]
Peter Memishian writes:
[...]
I'd argue ip_addr_per_if is a bug given that the number of IP interfaces
on the system is not bounded. Why are we carrying this tunable forward?
[...]
We fixed the kernel problems that caused us to need ip_addr_per_if
back in Solaris 10 with the SolarMAX project.
The reason it's still there is out of fear of badly-written user space
programs, and (in particular) SNMP. Having a very large number of
addresses per interface could cause those applications either to
consume all memory or all CPU or perhaps both.
Those "badly written" applications live in userland. This particular
problem is exactly what "resource limits" are designed to cover.
The site that runs into such a problem can easily alleviate the
situation by reducing the number of interfaces actually configured.
Since these are normally manually configured, it shouldn't be a big problem.
Having a tunable to work around these applications is Just Wrong, IMO.
We don't provide similar limits for any other kind of resource to
protect applications with crummy assumptions -- e.g. maximum number of
filesystems, maximum number of users, largest file size, system memory,
maximum number of processes, etc.
-- Garrett
I guess if we're going to consider all user space programs that fail
to scale with huge numbers of interfaces to be "broken," then removing
the tunable and the limit itself would be a good thing.
_______________________________________________
networking-discuss mailing list