On Wed, Jul 13, 2022 at 1:49 AM Dumitru Ceara wrote:
>
> On 7/13/22 08:45, Han Zhou wrote:
> > On Tue, Jul 12, 2022 at 1:02 AM Dumitru Ceara wrote:
> >>
> >> On 7/11/22 09:26, Ales Musil wrote:
> >>> On Mon, Jul 11, 2022 at 8:51 AM Han Zhou wrote:
> >>>
>
>
>
> On Fri, Jul 1, 2022 at 3:19 AM Ales Musil wrote:
> >
> > Hi,
> >
> > as promised I have more results from testing. The results are
> > available on the BZ comment 6 [0].
> >
> > So about the scenario, there were two traffic types being sent. The
> > document has TCP latency and throughput, and UDP throughput.
> > The traffic was split into two halves: 625 connections (50 flows)
> > were left without touching the MAC binding table. The same amount
> > (625 connections, 50 flows) was disrupted by periodic removal of MAC
> > bindings every 20 sec.
> >
> > IMO the results prove two points:
> > 1) Removal of MAC bindings does not seem to affect unrelated flows,
> > which was a huge concern.
> > 2) There might be some added value in keeping the connection alive as
> > long as it is used. The UDP disrupted graph shows that the throughput
> > was not able to catch up again after the deletion; arguably the
> > ramp-up time is longer than the removal interval, and 20 s is not
> > really sensible for production anyway. The connection check would
> > prevent that, but only on the "owner" chassis.
> >
> > So now it's probably about deciding what compromise to make: having
> > the owner, with a potential improvement around ownership transfer,
> > or having just a simple timeout that removes anything that expired.
> >
> > Han, Dumitru, Numan
> > please let me know what you think about these results.
> >
>
> Thanks Ales for the detailed test results. From the graphs you shared,
> it does look like the impact is quite obvious, for both throughput and
> latency, even for TCP, right? Look at the TCP throughput line: for
> about 50% of the time it was below 2G, while the one without
> disruption was above 10G for most of the time.
> Did I interpret the graph correctly? Why is it different from your
> observation earlier (is it because of the max bandwidth of the test
> env)?
> Does it suggest that a simple timeout mechanism is not suitable?
>
> Thanks,
> Han
>
> >>>
> >>>
> >>> Hi Han,
> >>> yes, you interpreted it correctly. I think the difference is
> >>> because of the very high bandwidth (across multiple flows) in this
> >>> test and because the removal was quite quick, so the traffic was
> >>> not able to catch up again before it got disrupted again. Also,
> >>> Xena seems to wait a bit for the other related traffic before it
> >>> continues the previous stream, so that might have added a bit of
> >>> jitter of its own. The simple timeout might still be a solution,
> >>> but we would need to make sure of two things:
> >>> a) The timeout is large enough so that high-bandwidth traffic can
> >>> catch up again.
> >>
> > Sounds reasonable, provided that the feature is configurable and can be
> > disabled for environments that are more sensitive to such disruptions.
> >
>
> I would go a step further and make it configurable per logical router.
> Thinking of the ovn-k8s use case (but probably applicable to OpenStack
> and other CMS), there's probably less impact if we enable the feature on
> gateway routers compared to if we enable it on the distributed central
> cluster router.
>
+1. Good point.
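For concreteness, a per-router knob could look something like the
following (the option name "mac_binding_timeout" below is purely
illustrative; the actual name and semantics would be decided in the
patch):

```shell
# Hypothetical option name, for illustration only: enable MAC binding
# aging on a gateway router with a generous timeout...
ovn-nbctl set Logical_Router gw-router options:mac_binding_timeout=300

# ...and leave the option unset on the distributed cluster router,
# which would disable aging there.
ovn-nbctl remove Logical_Router cluster-router options mac_binding_timeout
```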
> >> I went back to the RFC, as this seems like it would have a
> >> significant forwarding impact if we unconditionally remove ARP
> >> entries:
> >>
> >> https://datatracker.ietf.org/doc/html/rfc1122#page-22
> >>
> >> 2.3.2.1 ARP Cache Validation
> >> [..]
> >>
> >> (1) Timeout -- Periodically time out cache entries,
> >> even if they are in use. Note that this timeout
> >> should be restarted when the cache entry is
> >> "refreshed" (by observing the source fields,
> >> regardless of target address, of an ARP broadcast
> >> from the system in question). For proxy ARP
> >> situations, the timeout needs to be on the order
> >> of a minute.
> >>
> >> This mentions that an ARP entry's timeout should be restarted if the
> >> entry is refreshed, i.e., when the host for which we have the ARP
> >> entry sends an ARP broadcast.
> >>
> >> I think that makes it less likely to remove the entry while IP traffic
> >> is using it.
> >>
> >> In our case that might be too complex to implement
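Just to make sure we're talking about the same thing: the
refresh-restarted timeout from the RFC can be modeled in a few lines.
A rough sketch (the names and structure below are mine, not OVN code):

```python
import time


class MacBindingCache:
    """Toy model of RFC 1122-style aging: each entry has a timeout that
    restarts whenever the entry is refreshed, e.g. by observing an ARP
    broadcast from the bound host. Illustrative only."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.entries = {}  # ip -> (mac, last_refresh_timestamp)

    def learn(self, ip, mac, now=None):
        self.entries[ip] = (mac,
                            now if now is not None else time.monotonic())

    def refresh(self, ip, now=None):
        # Called when we see an ARP broadcast whose source IP is `ip`:
        # restart that entry's timeout without changing the binding.
        if ip in self.entries:
            mac, _ = self.entries[ip]
            self.entries[ip] = (mac,
                                now if now is not None else time.monotonic())

    def expire(self, now=None):
        # Periodic sweep: drop entries whose timeout elapsed with no
        # refresh, and return the list of removed IPs.
        now = now if now is not None else time.monotonic()
        stale = [ip for ip, (_, t) in self.entries.items()
                 if now - t >= self.timeout_s]
        for ip in stale:
            del self.entries[ip]
        return stale
```

With this model, an entry that keeps being refreshed (an active host)
survives the sweep, while an idle one ages out, which is the property
that makes removal less likely to hit in-use IP traffic.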
> >
> > I haven't thought through all details yet, but can we just handle ARP
> > requests through some extra pipelines with slowpath