Public bug reported:
* Explain the bug(s)
TCP and UDP connections may be offloaded from nf conntrack to nf flow table.
Offloaded connections are aged after 30 seconds of inactivity.
Once aged, ownership is returned to conntrack with a hard-coded tcp/udp pickup
time of 120/30 seconds, after which the connection may be deleted.
The current hard-coded pickup intervals may introduce a very aggressive
aging policy. For example, offloaded tcp connections in established
state will time out from nf conntrack after just 150 seconds of
inactivity, instead of 5 days. In addition, the hard-coded 30 second
offload timeout period can significantly increase the hardware insertion
rate requirements in some use cases.
* Brief explanation of fixes
This patchset provides the user with the ability to configure protocol-specific
offload timeout and pickup intervals via sysctl.
The first and second patches revert the existing non-upstream solution.
The next two patches introduce the sysctl configuration for tcp and udp
protocols.
The last patch modifies nf flow table aging mechanisms to use the configured
time intervals.
* How to test
Control tcp/udp connection timeout using the following sysctl parameters:
net.netfilter.nf_flowtable_tcp_pickup = 120
net.netfilter.nf_flowtable_tcp_timeout = 30
net.netfilter.nf_flowtable_udp_pickup = 30
net.netfilter.nf_flowtable_udp_timeout = 30
* What it could break.
Existing configuration scripts – not kernel related
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1934401
Title:
Control netfilter flow table timeouts via sysctl
Status in linux-bluefield package in Ubuntu:
New
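
The aging sequence described in the report (offload timeout first, then the conntrack pickup time), modeled as an added shell example that is not part of the bug report or the patchset. It reads the four sysctl keys listed under "How to test" from a constructed sample; the function names are hypothetical and the inclusive phase boundaries are an assumption.

```shell
#!/bin/sh
# Added example: aging model from the bug description (boundaries are assumed).
# Constructed sample in sysctl.conf syntax, using the values listed in the report.
SAMPLE_CONF='
net.netfilter.nf_flowtable_tcp_pickup = 120
net.netfilter.nf_flowtable_tcp_timeout = 30
net.netfilter.nf_flowtable_udp_pickup = 30
net.netfilter.nf_flowtable_udp_timeout = 30
'

# get_setting CONF KEY: print KEY's integer value (last assignment wins);
# return 1 if KEY is missing or is not a non-negative integer.
get_setting() {
    val=$(printf '%s\n' "$1" | awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t]/, "", v); last = v }
        END { print last }')
    case "$val" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$val"
}

# idle_lifetime CONF PROTO: idle seconds after which the entry may be deleted
# (offload timeout, then conntrack pickup time). PROTO is tcp or udp.
idle_lifetime() {
    t=$(get_setting "$1" "net.netfilter.nf_flowtable_${2}_timeout") || return 1
    p=$(get_setting "$1" "net.netfilter.nf_flowtable_${2}_pickup") || return 1
    echo $((t + p))
}

# flow_state CONF PROTO IDLE: owner of a flow that has been idle IDLE seconds.
flow_state() {
    t=$(get_setting "$1" "net.netfilter.nf_flowtable_${2}_timeout") || return 1
    total=$(idle_lifetime "$1" "$2") || return 1
    if [ "$3" -le "$t" ]; then echo offloaded        # still in the flow table
    elif [ "$3" -le "$total" ]; then echo conntrack  # aged out, pickup timer running
    else echo expired                                # entry may be deleted
    fi
}

for proto in tcp udp; do
    echo "$proto: deletable after $(idle_lifetime "$SAMPLE_CONF" "$proto")s idle"
done
```

With the listed values this reproduces the 150 second figure for tcp quoted in the description.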