Changing vr_flow_entries above 512K causes flow timeout
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Agilio vRouter |
In Progress
|
Undecided
|
Jon Hickman | ||
Bug Description
Venu was running test where he was setting the vr_flow_entries to 4M and was running a PPS test with 1600 flows active but the performance was not as good as it was when we ran Contrail with vr_flow_entries at 512K.
After looking at it we found that the Agilio vRouter offload was not updating all the flow statistics when the number of flow entries set to anything > 512K. This caused the flows to timeout and the extra work of adding and removing flows during the PPS test was noticeable.
So we checked our Agilio vRouter requirement for number of flows supported and it says 1M flows. Now we are not doing 1M flows at the moment and that needs to be fixed but as we will explain further adding flow capability comes at a cost so we should be judicious in our decisions.
Lets explain a little about the number of flow entries effects the way that must maintain flow statistics and how that plays into overhead burden even when flows are not active.
The flow statistics table entries must be as large as the vr_flow_
We have a internal flow statistics table that is kept for packet and byte counters associated with each flow. To keep the agent from timing out flows while packets are offloaded we must send to agent all the flow counter for every entry at a rate that faster than the shortest timeout value of 1sec. So right now we attempt to send back the entire flow stats at 3x per second to assure a 1 sec timeout still will work.
So the default size of the table at 512K flow entries + 103 overflow entries is 615K worth of entries. (this is as large as we support with current 154 release)
Increasing that to a table size of 1024K flow entries + 200 overflow entries is 1224K worth of entries.
Making it increase to a table size of 4096K flow entries + 800 overflow entries is 4896K worth of entries.
As you can see the larger the number of flow entries supported in the offload, the more overhead is taken for updating the agent with flow counters. This happens whether or not the 1 or 4M flows are active. Our sizing is presently static so we would live with the largest number allowed for operation with Agilio vRouter then factor in the rate at which the updates safely would need sent to agent to maintain a 1 sec timeout.
Another option that can play with this is if we are not required to maintain the 1 sec timeout then the update rate could be reduced.
I have not done the math yet on how how much of an impact it would have on fallback traffic to maintain 4M flow entries yet.
This also has ramifications to mirroring because to offload mirroring we need to keep per flow entry the mirroring meta data.
So there should probably be a discussion with Raja on:
1. What is the requirement for Agilio vRouter max flow entries.
2. Can the update rate be reduced via supporting a longer minimum timeout value.
3. Discussion about how this impacts mirroring meta data.
| Changed in agiliovrouter: | |
| assignee: | nobody → Jon Hickman (jhickman8x3) |
| Changed in agiliovrouter: | |
| status: | New → In Progress |
| description: | updated |
| Jon Hickman (jhickman8x3) wrote | #1 |
| information type: | Proprietary → Public |
| Changed in agiliovrouter: | |
| status: | In Progress → New |
| status: | New → In Progress |
| tags: | added: iconic |
| information type: | Public → Private |
| information type: | Private → Public |
| Jon Hickman (jhickman8x3) wrote | #2 |
| Jon Hickman (jhickman8x3) wrote | #3 |
| tags: | added: releasenote |
We have done some testing and we are able to handle a flow entry setting of 4M and still update the flow statistics fast enough to keep the flows from timing out.
We still have an issue with being able to handle the Mirror Meta data with 4M entries. There is not enough memory on the SmartNIC to support 4M 540B mirror entries. That comes out to 2.7G and we only have 2G on the card.
Raja suggested that we use a mirror id to index the Mirror metadata vs using flowid. This would allow us to cap Mirrors to say 512K which we are able to fit.
So we are still investigating that aspect and will update.