Reduce dataplane overhead caused by ct action #3858
/test-all
This should increase Windows dataplane performance as well since CT action is the main factor affecting the performance.
Adding it to milestone 1.7 since it increases dataplane performance and may simplify flows #3603 will add.
Codecov Report
@@ Coverage Diff @@
## main #3858 +/- ##
==========================================
- Coverage 64.36% 57.31% -7.05%
==========================================
Files 288 403 +115
Lines 41239 57057 +15818
==========================================
+ Hits 26542 32703 +6161
- Misses 12557 21740 +9183
- Partials 2140 2614 +474
LGTM
Great to see the significant perf improvement!
pkg/agent/openflow/framework.go
@@ -219,14 +219,14 @@ func (f *featureService) getRequiredTables() []*Table { | |||
return []*Table{DNATTable} | |||
} | |||
tables := []*Table{ | |||
SNATConntrackTable, | |||
UNSNATTable, |
nit: I think `UnSNAT` instead of `UNSNAT` makes more sense and is more readable
updated, thanks
To support performing both SNAT and DNAT for traffic, Antrea uses two CT zones for SNAT and DNAT separately. For each packet, multiple CT actions are executed to go through the zones. And because SNAT is performed after DNAT, reply traffic wouldn't be unNATed correctly if they go through the zones in the same order as request traffic, an extra CT action for unSNAT was added before DNAT to resolve it. These CT actions introduce measurable overhead to the dataplane.

Since the first unSNAT action is for reply traffic of SNATed connections only, and there are only a few cases needing SNAT, this patch adds conditions to the unSNAT flow to make irrelevant traffic bypass it.

With less CT action and less recirculation caused by it, the dataplane performance is significantly increased. TCP_RR and TCP_CRR improvement in a kind cluster is as below:

```
Test       old TPS    new TPS    delta
TCP_RR     14568.69   17826.26   +22.36%
TCP_CRR    2781.7     3498.12    +25.75%
```

Signed-off-by: Quan Tian <qtian@vmware.com>
04af829
/test-all
/test-networkpolicy