It works after I disabled my GRO, so please ignore my issue, thanks a lot.

-----Original Message-----
From: Yi Yang (杨燚)-云服务集团
Sent: November 17, 2020 9:38
To: 'acon...@redhat.com' <acon...@redhat.com>
Cc: 'yihung....@gmail.com' <yihung....@gmail.com>; 'u9012...@gmail.com' <u9012...@gmail.com>; 'dlu...@gmail.com' <dlu...@gmail.com>; 'd...@openvswitch.org' <d...@openvswitch.org>; 'yang_y...@163.com' <yang_y...@163.com>
Subject: Re: can userspace conntrack support IP fragment?
Importance: High

Thanks Aaron, here are my ipf settings

# ovs-appctl dpctl/ipf-get-status netdev@ovs-netdev
Fragmentation Module Status
---------------------------
v4 enabled: 1
v6 enabled: 1
max num frags (v4/v6): 1000
num frag: 0
min v4 frag size: 1200
v4 frags accepted: 660
v4 frags completed: 660
v4 frags expired: 0
v4 frags too small: 0
v4 frags overlapped: 0
v4 frags purged: 0
min v6 frag size: 1280
v6 frags accepted: 0
v6 frags completed: 0
v6 frags expired: 0
v6 frags too small: 0
v6 frags overlapped: 0
v6 frags purged: 0

I tried big packet ping, ICMP is ok, but tcp and udp are not ok. So I really don't know what's wrong. Ip fragment size should be 1500, it is VM MTU value.

root@yangyi-ovsdpdk-vm1-on-07:~# ping 172.16.1.250 -s 8192
PING 172.16.1.250 (172.16.1.250) 8192(8220) bytes of data.
8200 bytes from 172.16.1.250: icmp_seq=1 ttl=64 time=1.06 ms
8200 bytes from 172.16.1.250: icmp_seq=2 ttl=64 time=0.651 ms
8200 bytes from 172.16.1.250: icmp_seq=3 ttl=64 time=0.541 ms
8200 bytes from 172.16.1.250: icmp_seq=4 ttl=64 time=0.485 ms
8200 bytes from 172.16.1.250: icmp_seq=5 ttl=64 time=0.600 ms
8200 bytes from 172.16.1.250: icmp_seq=6 ttl=64 time=0.536 ms
^C
--- 172.16.1.250 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.485/0.646/1.067/0.197 ms
root@yangyi-ovsdpdk-vm1-on-07:~# tcpdump -i ens3 -vvv -c 5 icmp
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:32:15.373681 IP (tos 0x0, ttl 64, id 3275, offset 0, flags [+], proto ICMP (1), length 1500)
    172.16.1.250 > 172.16.2.10: ICMP echo request, id 1610, seq 22, length 1480
01:32:15.373705 IP (tos 0x0, ttl 64, id 3275, offset 1480, flags [+], proto ICMP (1), length 1500)
    172.16.1.250 > 172.16.2.10: icmp
01:32:15.373709 IP (tos 0x0, ttl 64, id 3275, offset 2960, flags [+], proto ICMP (1), length 1500)
    172.16.1.250 > 172.16.2.10: icmp
01:32:15.373712 IP (tos 0x0, ttl 64, id 3275, offset 4440, flags [+], proto ICMP (1), length 1500)
    172.16.1.250 > 172.16.2.10: icmp
01:32:15.373715 IP (tos 0x0, ttl 64, id 3275, offset 5920, flags [+], proto ICMP (1), length 1500)
    172.16.1.250 > 172.16.2.10: icmp
5 packets captured
240 packets received by filter
233 packets dropped by kernel
root@yangyi-ovsdpdk-vm1-on-07:~# iperf3 -t 5 -i 1 -c 172.16.1.250 --get-server-output
Connecting to host 172.16.1.250, port 5201
[ 4] local 172.16.2.10 port 55350 connected to 172.16.1.250 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 433 KBytes 3.54 Mbits/sec 88 2.83 KBytes
[ 4] 1.00-2.00 sec 1.01 MBytes 8.43 Mbits/sec 124 4.24 KBytes
[ 4] 2.00-3.00 sec 921 KBytes 7.54 Mbits/sec 270 7.07 KBytes
[ 4] 3.00-4.00 sec 573 KBytes 4.69 Mbits/sec 86 4.24 KBytes
[ 4] 4.00-5.00 sec 1.06 MBytes 8.86 Mbits/sec 152 2.83 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-5.00 sec 3.94 MBytes 6.61 Mbits/sec 720 sender
[ 4] 0.00-5.00 sec 3.82 MBytes 6.40 Mbits/sec receiver

Server output:
Accepted connection from 172.16.2.10, port 55348
[ 5] local 172.16.1.250 port 5201 connected to 172.16.2.10 port 55350
[ ID] Interval Transfer Bandwidth
[ 5] 0.00-1.00 sec 317 KBytes 2.59 Mbits/sec
[ 5] 1.00-2.00 sec 1015 KBytes 8.32 Mbits/sec
[ 5] 2.00-3.00 sec 897 KBytes 7.34 Mbits/sec
[ 5] 3.00-4.00 sec 590 KBytes 4.83 Mbits/sec
[ 5] 4.00-5.00 sec 1.04 MBytes 8.71 Mbits/sec

iperf Done.
root@yangyi-ovsdpdk-vm1-on-07:~# iperf3 -t 5 -i 1 -c 172.16.1.250 --get-server-output -u -b 1G -l 8192
Connecting to host 172.16.1.250, port 5201
[ 4] local 172.16.2.10 port 58188 connected to 172.16.1.250 port 5201
[ ID] Interval Transfer Bandwidth Total Datagrams
[ 4] 0.00-1.00 sec 119 MBytes 998 Mbits/sec 15223
[ 4] 1.00-2.00 sec 118 MBytes 990 Mbits/sec 15110
[ 4] 2.00-3.00 sec 120 MBytes 1.01 Gbits/sec 15418
[ 4] 3.00-4.00 sec 118 MBytes 989 Mbits/sec 15088
[ 4] 4.00-5.00 sec 121 MBytes 1.01 Gbits/sec 15443
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 4] 0.00-5.00 sec 596 MBytes 1000 Mbits/sec 0.000 ms 0/0 (-nan%)
[ 4] Sent 0 datagrams

Server output:
-----------------------------------------------------------
Accepted connection from 172.16.2.10, port 55352
[ 5] local 172.16.1.250 port 5201 connected to 172.16.2.10 port 58188
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 5] 0.00-1.00 sec 0.00 Bytes 0.00 bits/sec 0.000 ms 0/0 (-nan%)
[ 5] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec 0.000 ms 0/0 (-nan%)
[ 5] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec 0.000 ms 0/0 (-nan%)
[ 5] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec 0.000 ms 0/0 (-nan%)
[ 5] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec 0.000 ms 0/0 (-nan%)

iperf Done.
root@yangyi-ovsdpdk-vm1-on-07:~#

-----Original Message-----
From: Aaron Conole [mailto:acon...@redhat.com]
Sent: November 16, 2020 22:58
To: Yi Yang (杨燚)-云服务集团 <yangy...@inspur.com>
Cc: yihung....@gmail.com; u9012...@gmail.com; dlu...@gmail.com; d...@openvswitch.org; yang_y...@163.com
Subject: Re: can userspace conntrack support IP fragment?

"Yi Yang (杨燚)-云服务集团" <yangy...@inspur.com> writes:

> Hi, folks
>
> I used latest ovs master in Openstack, when I enabled security group
> and port security (note: openstack is using ovs openflow to implement
> security group), TCP performance is about several Mbps, big UDP packet (i.e.
> 8192) can’t work, but after disabled security group and port security,
> everything is ok, I doubt userspace conntrack can’t support IP
> fragment (or recent changes introduced bugs),
> https://bugzilla.redhat.com/show_bug.cgi?id=1639173 said it can’t
> handle big ICMP packet, anybody can help clarify what limitations of
> userspace conntrack are? Is there any existing document to warn users about
> them? Thank you in advance.

What were your frag settings? For example, try:

ovs-appctl dpctl/ipf-set-min-frag v4 1000
ovs-appctl dpctl/ipf-set-max-nfrags 500

See if that helps? IIRC, the fragmentation engine doesn't support ICMP, just tcp/udp.
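
An added example, not part of the thread and not OVS code: a Python check over the `ovs-appctl dpctl/ipf-get-status` text posted above that lists every counter showing fragments being refused or lost before conntrack sees them. The function names are hypothetical, and the embedded sample is the status from the thread with its line breaks restored.

```python
import re

# Status text as posted in the thread (line breaks restored).
THREAD_STATUS = """\
Fragmentation Module Status
---------------------------
v4 enabled: 1
v6 enabled: 1
max num frags (v4/v6): 1000
num frag: 0
min v4 frag size: 1200
v4 frags accepted: 660
v4 frags completed: 660
v4 frags expired: 0
v4 frags too small: 0
v4 frags overlapped: 0
v4 frags purged: 0
min v6 frag size: 1280
v6 frags accepted: 0
v6 frags completed: 0
v6 frags expired: 0
v6 frags too small: 0
v6 frags overlapped: 0
v6 frags purged: 0
"""

def parse_ipf_status(text):
    """Return {counter name: int} for every 'name: number' line."""
    pairs = re.findall(r"^[ \t]*(.+?):[ \t]*(\d+)[ \t]*$", text, re.MULTILINE)
    return {name: int(value) for name, value in pairs}

def ipf_findings(status):
    """List the counters that show fragments being refused or lost."""
    findings = []
    for fam in ("v4", "v6"):
        if not status.get(f"{fam} enabled", 0):
            findings.append(f"{fam}: fragment handling disabled")
        # Any non-zero value here is traffic that never reached conntrack.
        for counter in ("expired", "too small", "overlapped", "purged"):
            n = status.get(f"{fam} frags {counter}", 0)
            if n:
                findings.append(f"{fam}: {n} frags {counter}")
    return findings

if __name__ == "__main__":
    print(ipf_findings(parse_ipf_status(THREAD_STATUS)) or "no drop counters set")
```

On the status from the thread the check reports nothing: every drop counter is zero and the 660 accepted v4 fragments equal the 660 completed.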