atively few flows.
> Something I had not considered until I rad your email just now.
It's not an optimisation issue, but a security one. If you leave
a hash like this with a constant seed, an attacker would have an
infinite amount of time to find collisions.
Rehashing isn't all that difficul
etty consistent regardless of table size
> relatively speaking.
iptables sets a pretty low bar :)
For a flow cache I think going per-cpu or at least per-node will
be unavoidable.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~
On Wed, Nov 30, 2011 at 08:14:51AM -0500, jamal wrote:
> On Wed, 2011-11-30 at 15:00 +0800, Herbert Xu wrote:
>
>
> > The other factor I considered is scalability. The OVS code as is
> > is not really friendly to SMP/NUMA scalability (but as Eric pointed,
> > neith
ld actually use the same mechanism
to do routing.
However, I don't think we need to distract ourselves by these
grand visions right now, as the OVS patch AFAICS is sufficiently
self-contained that it does not constrain us from future changes
like this.
Cheers,
--
Email: Herbert Xu
Home Page
imited number of entries and attacker could
construct long chains in a hash bucket, given enough time.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
___
dev mailing l
ld extend either the
interface as is (e.g., deploying multiqueue netlink sockets), or
migrate to something else.
So I don't really have any objections to this going into the tree.
Thanks,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herber
ions as an example.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
e
port on a data path shares the same receive queue in user-space.
Considering that this is meant to be used in virtualisation
environments, where hostile entities may indeed exist on the
network, I think this needs to be addressed.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apan
unless somebody contributes time to write it up.
Unfortunately while many love documentation, few are willing to
pay for it.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_
which
may or may not be accurate. I'll dig into the patches over the
next couple of days to see if they could be easily turned into
packet actions or whether this is difficult for reasons that we
have not yet discovered.
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~
10 matches
Mail list logo
