[Users] [TRD] Changes in network shaping for vz7

Nick Knutov mail at knutov.com
Mon Jul 20 13:46:29 PDT 2015 

btw, domain jira.sw.ru has no A/CNAME records in dns now and all links
are not accessable.

20.07.2015 21:54, Maxim Perevedentsev пишет:
>
>
> *1. Feature
>
> **a)* Switch from CBQ traffic shaper to HTB.
> https://jira.sw.ru/browse/PSBM-18245
>
> *b)* Added packet rate limitation.
> https://jira.sw.ru/browse/PSBM-17708
>
> *2. Description
>
> **a) *HTB traffic shaper has following advantages:
>
>   * higher accuracy
>   * does not need bandwidth for interfaces
>
> Therefore we made bandwidth rate optional in vz.conf:
> https://jira.sw.ru/browse/PSBM-28834?focusedCommentId=2503775&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2503775
>
> We use BANDWIDTH parameter from vz.conf only to get list of configured
> devices. So
>   BANDWIDTH="eth0 eth1:100000"
> is a valid syntax now.
>
>
> *b)* To prevent e.g. DoS attacks it is not enough to limit outgoing
> bandwidth. Despite being limited in bandwidth, we still can produce a
> great number of packets. Thus we need to limit packet rate along with
> byte rate.
>
> This feature is implemented using HTB 'mpu' (Minimum packet unit)
> param. It makes small packets with size < MPU bytes consume MPU HTB
> tokens. Consequently, the maximum allowed packet rate is
> TOTALRATE (bytes) / MPU (bytes/packet).
>
> We introduce a new *optional* parameter in vz.conf:
> RATEMPU="<dev|*>:<class>[:<mpu>] ..."
>
>  1. If <dev>:<class> is not present in RATEMPU, no packet rate
>     limitation is done for it.
>  2. If <mpu> is not present for <dev>:<class>, then the default MPU
>     (1000) is used.
>
> The default value of 1000 (not e.g. mtu ~ 1500) was chosen because too
> high MPU makes configured TOTALRATE unreachable (TOTALRATE can be
> reached only with packets of size >= MPU; such large packets are
> unusual). The value of 1000 is big enough to prevent DoS but realistic
> in terms of packet size.
>
> To implement this feature we made the following modifications:
>
>  1. Added RateMPU integer parameter to NetworkConfig.xsd in SDK
>     (*default: 0 - enabled*).
>  2. Added NRM_ENABLED=0, NRM_DISABLED=-1 to PrlEnums.h in SDK.
>  3. Added PrlNetworkShapingEntry_Get(Set)RateMPU functions to
>     PrlApiNet.h in SDK.
>  4. Added RATEMPU param to default config in vzctl, added entry to
>     'man 5 vz'.
>  5. Necessary implementation.
>
> RATEMPU is enabled by default for every newly created
> NetworkShapingEntry. The values 0 and -1 are special, reserved for
> constants NRM_ENABLED (use default MPU value) and NRM_DISABLED (do not
> limit packet rate for this entry).
>
> *3. Products
>
> *Virtuozzo 7 beta1
>
> Packages:
> *
> **a)
> *
>
>   * libvzctl >= 7.0.61
>
> *b)*
>
>   * libprlsdk >= 7.0.20
>   * prl-disp-service >= 7.0.68
>   * libvzctl >= 7.0.70
>   * vzctl >= 7.0.50
>
> *4. Testing
>
> *Need to test the following cases:
> *
> a)*
>
>   * Shaper is accurate, even for high rates (~1Gbit/s).
>
> *b)*
>
>   * mpu parameter is used by HTB and shown in "tc -d class show ..." 
>   * packet rate is limited by value of TOTALRATE / RATEMPU.
>   * packet rate limit is enabled for newly-created shaping entries
>     with default RATEMPU (1000).
>   * packet rate is disabled (if arg == -1) or RATEMPU value is equal
>     to given value (arg > 0) according to SetRateMPU() argument.
>
> *5. Known issues
> *
>
> For mpu >= 300, there is some magic in tc, so given mpu value is split
> into 'mpu' and 'overhead' parameters. *
> *
>
> mpu HTB parameter is (was?) ignored in vz7:
> https://jira.sw.ru/browse/PSBM-34874
>
> *6. What was checked by developer
> *
>
> *a) *Two servers connected with a crossover. Measured HTB accuracy,
> got the following results:
> https://jira.sw.ru/browse/PSBM-18245?focusedCommentId=2525949&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2525949
>
> *b) *Nothing. See section 5.
>
> *7. Feature owner*
>
> *a) *igor at odin.com
> *b) *mperevedentsev at odin.com
>
> -- 
> Sincerely,
> Maxim Perevedentsev
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users

-- 
Best Regards,
Nick Knutov
http://knutov.com
ICQ: 272873706
Voice: +7-904-84-23-130 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20150721/17bd2255/attachment.html>

More information about the Users mailing list