Re: Thousands of interfaces

From: David Miller <davem@xxxxxxxxxxxxx>
Date: Tue, 31 Oct 2006 01:31:54 -0800 (PST)

From: Peter Hicks <peter.hicks@xxxxxxxxxxx>
Date: Tue, 31 Oct 2006 09:25:50 +0000

[ Discussion belongs on netdev@xxxxxxxxxxxxxxx, added to CC: ]

I have a dual 3GHz Xeon machine with a 2.4.21 kernel and thousands (15k+) of
ipip tunnel interfaces. These are being used to tunnel traffic from remote
routers, over a private network, and handed off to a third party.

...

Is it possible to speed up creation of the interfaces? Currently it takes
around 24 hours. Is there are more efficient way to handle a very large
number of IP-IP tunnels? Would upgrading to a 2.6 kernel be of use?

We just simply never imagined people would use IP tunnels on
this scale.

The following kernel patch is a quick hack that will get things to
work quickly for you, but longer term we need to add dynamic hash
table growth to this thing (and SIT tunnel, and IP GRE tunnel,
etc. etc. etc.)

diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 0c45565..78055cf 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -117,8 +117,8 @@ #include <net/ipip.h>
#include <net/inet_ecn.h>
#include <net/xfrm.h>

-#define HASH_SIZE 16
-#define HASH(addr) ((addr^(addr>>4))&0xF)
+#define HASH_SIZE 16384
+#define HASH(addr) ((addr^(addr>>14))&(HASH_SIZE - 1))

static int ipip_fb_tunnel_init(struct net_device *dev);
static int ipip_tunnel_init(struct net_device *dev);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Follow-Ups:
- Re: Thousands of interfaces
  - From: Stephen Hemminger
- Re: Thousands of interfaces
  - From: Ben Greear

References:
- Thousands of interfaces
  - From: Peter Hicks

Prev by Date: To test if I can send to this mail list
Next by Date: Re: [PATCH 2.6.19-rc3] i386/io_apic: fix compiler warning in create_irq
Previous by thread: Thousands of interfaces
Next by thread: Re: Thousands of interfaces
Index(es):
- Date
- Thread

Relevant Pages

Re: Thousands of interfaces
... These are being used to tunnel traffic from remote ... routers, over a private network, and handed off to a third party. ... has a several N^2 searches for interfaces. ...
(Linux-Kernel)
This is heady - DMVPN / HSRP
... My company has two Cisco 2800 routers with IPSec and FW IOS, ... I am wanting to run HSRP on both the inside and outside - no problem. ... specifically with the Tunnel interfacecreated with GRE Multicast. ... of the tunnel interface on the active router. ...
(comp.dcom.sys.cisco)
Re: Cant map drives over multi-homed network (VPN)
... Those routers pass all traffic between them through the tunnel if you ... have it setup correctly - you said you can ping a computer from one side ... since you are using a "workgroup" you need to make sure ...
(microsoft.public.win2000.networking)
Re: ethernet keepalive
... that would give me possibility to SEE on routers if link between ... switch1 and switch2 is broken. ... If that's more common network scenario, ... A tunnel destination will follow the same routing path as your ...
(comp.dcom.sys.cisco)
Re: ethernet keepalive
... that would give me possibility to SEE on routers if link between ... switch1 and switch2 is broken. ... If that's more common network scenario, ... A tunnel destination will follow the same routing path as your ...
(comp.dcom.sys.cisco)