> > It is the expected behavior. Basically, dpct/ct-set-limits sets the > per-zone limit, if the per-zone limit is not configured, it defaults > to the default per-zone limit. >
Thanks. I want to make my opinions more understandable. If the per-zone limit is not configured, it defaults to the default per-zone limit. Should the default per-zone limit be isolated from each other? But at present, it is a shared limit for all zones. For example, when I use "ovs-appctl dpctl/ct-set-limits default=6", if there are 6 connections in zone 0, we cannot create any new connection in any other zone. Yi-Hung Wei <[email protected]> 于2020年12月10日周四 上午8:00写道: > On Wed, Dec 9, 2020 at 7:50 AM Harold Huang <[email protected]> wrote: > > > > When I use ```ovs-appctl dpctl/ct-set-limits default=6``` to set the > > default zone limit, the max connection limit of all zones is set to 6. I > > think it is not resonable. First, the max connection limit can be set > with > > ```ovs-appctl dpctl/ct-set-maxconns```. And when I use ```ovs-appctl > > dpctl/ct-get-limits zone=5,6,7,8```, the result is like: > > ``` > > $ovs-appctl dpctl/ct-get-limits zone=5,6,7,8 > > default limit=6 > > zone=5,limit=6,count=0 > > zone=6,limit=6,count=0 > > zone=7,limit=6,count=0 > > zone=8,limit=6,count=0 > > ``` > > It is the expected behavior. Basically, dpct/ct-set-limits sets the > per-zone limit, if the per-zone limit is not configured, it defaults > to the default per-zone limit. > > It is documented on ovs-vswitchd(8), > > dpctl/ct-set-limits [dp] > [default=default_limit] > [zone=zone,limit=limit]... > Sets the maximum allowed number of connections in a > connection > tracking zone. A specific zone may be set to limit, and > multi‐ > ple zones may be specified with a comma-separated list. > If a > per-zone limit for a particular zone is not specified in > the > datapath, it defaults to the default per-zone limit. A > default > zone may be specified with the default=default_limit > argument. > Initially, the default per-zone limit is unlimited. An > unlim‐ > ited number of entries may be set with 0 limit. > > > > It seems that each zone has a default limit(6), but the limit(6) is the > > total connection limit for all zones if we do not set the limit for a > > specific zone. > > > > The total connection limit is set by dpctl/ct-set-maxconns for > userpsace datapath. > Quoted from ovs-vswitchd(8), > > dpctl/ct-set-maxconns [dp] maxconns > Sets the maximum limit of connection tracker entries to > maxconns > on dp. This can be used to reduce the processing load on > the > system due to connection tracking or simply limiting > connection > tracking. If the number of connections is already over the > new > maximum limit request then the new maximum limit will be > en‐ > forced when the number of connections decreases to that > limit, > which normally happens due to connection expiry. Only > supported > for userspace datapath. > > > For kernel datapath, the number of conntrack entries for all zones is > limited by nf_conntrack_max, > https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt > > > -Yi-Hung > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
