* [dpdk-dev] Defaults for rte_hash
@ 2014-09-09 10:31 Matthew Hall
  2014-09-09 10:45 ` Richardson, Bruce
  0 siblings, 1 reply; 4+ messages in thread

From: Matthew Hall @ 2014-09-09 10:31 UTC (permalink / raw)
To: dev

Hello,

I was looking at the code which inits rte_hash objects in examples/l3fwd.
It's using approx. 1M to 4M hash 'entries' depending on 32-bit vs 64-bit,
but it's setting the 'bucket_entries' to just 4.

Normally I'm used to using somewhat deeper hash buckets than that... it
seems like having a zillion little tiny hash buckets would cause more TLB
pressure and memory overhead... or does 4 get shifted / exponentiated
into 2**4?

The documentation in
http://dpdk.org/doc/api/structrte__hash__parameters.html and
http://dpdk.org/doc/api/rte__hash_8h.html isn't that clear... is there a
better place to look for this?

In my case I'm looking to create a table of 4M or 8M entries, containing
tables of security threat IPs / domains, to be detected in the traffic.
So it would be good to have some understanding of how not to waste a ton
of memory on a table this huge without making it run super slow either.

Did anybody have some experience with how to get this right?

Another thing... the LPM table uses 16-bit Hop IDs. But I would probably
have more than 64K CIDR blocks of badness on the Internet available to me
for analysis. How would I cope with this, besides just letting some
attackers escape unnoticed? ;)

Have we got some kind of structure which allows a greater number of CIDRs
even if it's not quite as fast?

Thanks,
Matthew.
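[Editor's note: for readers unfamiliar with the parameters being discussed, here is a minimal sketch of the kind of setup l3fwd uses, based on the rte_hash_parameters fields documented at the links above. The field values are illustrative assumptions, not copied from l3fwd, and `bucket_entries` belongs to the 2014-era API discussed in this thread.]

```c
#include <stdint.h>
#include <rte_hash.h>
#include <rte_hash_crc.h>

/* Sketch only: assumes the DPDK 1.x rte_hash API, which had an explicit
 * bucket_entries field. Values below are illustrative, not from l3fwd. */
static struct rte_hash_parameters hash_params = {
    .name = "l3fwd_hash_0",
    .entries = 1 << 22,          /* ~4M total entries */
    .bucket_entries = 4,         /* literal entries per bucket, NOT 2**4 */
    .key_len = 16,               /* e.g. an IPv4 5-tuple padded to 16 bytes */
    .hash_func = rte_hash_crc,
    .hash_func_init_val = 0,
    .socket_id = 0,
};

/* struct rte_hash *h = rte_hash_create(&hash_params); */
```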
* Re: [dpdk-dev] Defaults for rte_hash
  2014-09-09 10:31 [dpdk-dev] Defaults for rte_hash Matthew Hall
@ 2014-09-09 10:45 ` Richardson, Bruce
  2014-09-09 11:42   ` De Lara Guarch, Pablo
  0 siblings, 1 reply; 4+ messages in thread

From: Richardson, Bruce @ 2014-09-09 10:45 UTC (permalink / raw)
To: Matthew Hall, dev

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Matthew Hall
> Sent: Tuesday, September 09, 2014 11:32 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] Defaults for rte_hash
>
> [...]
> In my case I'm looking to create a table of 4M or 8M entries, containing
> tables of security threat IPs / domains, to be detected in the traffic.
> So it would be good to have some understanding how not to waste a ton of
> memory on a table this huge without making it run super slow either.
>
> Did anybody have some experience with how to get this right?

It might be worth looking too at the hash table structures in the
librte_table directory for packet framework. These should give better
scalability across millions of flows than the existing rte_hash
implementation. [We're looking to provide in the future a similar, more
scalable, hash table implementation with an API like that of rte_hash,
but that is still under development here at the moment.]

> Another thing... the LPM table uses 16-bit Hop IDs. But I would probably
> have more than 64K CIDR blocks of badness on the Internet available to
> me for analysis. How would I cope with this, besides just letting some
> attackers escape unnoticed? ;)

Actually, I think the next hop field in the lpm implementation is only
8 bits, not 16 :-). Each lpm entry is only 16 bits in total.

> Have we got some kind of structure which allows a greater number of
> CIDRs even if it's not quite as fast?
>
> Thanks,
> Matthew.
* Re: [dpdk-dev] Defaults for rte_hash
  2014-09-09 10:45 ` Richardson, Bruce
@ 2014-09-09 11:42   ` De Lara Guarch, Pablo
  2014-09-09 20:42     ` Matthew Hall
  0 siblings, 1 reply; 4+ messages in thread

From: De Lara Guarch, Pablo @ 2014-09-09 11:42 UTC (permalink / raw)
To: Richardson, Bruce, Matthew Hall, dev

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Richardson, Bruce
> Sent: Tuesday, September 09, 2014 11:45 AM
> To: Matthew Hall; dev@dpdk.org
> Subject: Re: [dpdk-dev] Defaults for rte_hash
>
> > I was looking at the code which inits rte_hash objects in
> > examples/l3fwd. It's using approx. 1M to 4M hash 'entries' depending
> > on 32-bit vs 64-bit, but it's setting the 'bucket_entries' to just 4.
> >
> > Normally I'm used to using somewhat deeper hash buckets than that...
> > it seems like having a zillion little tiny hash buckets would cause
> > more TLB pressure and memory overhead... or does 4 get shifted /
> > exponentiated into 2**4?

That 4 is not shifted, so it is actually 4 entries/bucket. The maximum
number of entries per bucket you can use is 16, as a bucket will be as
big as a cache line. However, regardless of the number of entries per
bucket, the total memory size remains the same. With 4 entries/bucket
and a 16-byte key, all keys stored for a bucket fit in a cache line, so
performance should be better in this case (although a non-optimal hash
function could leave you unable to store all keys, as the chances of
filling a bucket are higher). Anyway, for this example, 4 entries/bucket
looks like a good number to me.

> > The documentation in
> > http://dpdk.org/doc/api/structrte__hash__parameters.html
> > and http://dpdk.org/doc/api/rte__hash_8h.html isn't that clear... is
> > there a better place to look for this?
> [...]
* Re: [dpdk-dev] Defaults for rte_hash
  2014-09-09 11:42 ` De Lara Guarch, Pablo
@ 2014-09-09 20:42   ` Matthew Hall
  0 siblings, 0 replies; 4+ messages in thread

From: Matthew Hall @ 2014-09-09 20:42 UTC (permalink / raw)
To: De Lara Guarch, Pablo; +Cc: dev

On Tue, Sep 09, 2014 at 11:42:40AM +0000, De Lara Guarch, Pablo wrote:
> That 4 is not shifted, so it is actually 4 entries/bucket. Actually, the
> maximum number of entries you can use is 16, as bucket will be as big as
> a cache line. However, regardless the number of entries, memory size
> will remain the same, but using 4 entries/bucket, with 16-byte key, all
> keys stored for a bucket will fit in a cache line, so performance looks
> to be better in this case (although a non-optimal hash function could
> lead not to be able to store all keys, as chances to fill a bucket are
> higher). Anyway, for this example, 4 entries/bucket looks a good number
> to me.

So, a general purpose hash usually has some kind of conflict resolution
when a bucket is full rather than just tossing out entries. It could be
open addressing, chaining, secondary hashing, etc. If I'm putting
security indicators into a bucket and the buckets just toss stuff out
without warning, that's a security problem. Same thing could be true for
firewall tables.

Also, if we're assuming a 16-byte key, what happens when I want to do
matching against www.badness.com or
www.this-is-a-really-long-malware-domain.net?

Did anybody have a performant general purpose hash table for DPDK that
doesn't have problems with bigger keys or depth issues in a bucket?

Matthew.
end of thread, other threads: [~2014-09-09 20:38 UTC | newest]

Thread overview: 4+ messages
2014-09-09 10:31 [dpdk-dev] Defaults for rte_hash Matthew Hall
2014-09-09 10:45 ` Richardson, Bruce
2014-09-09 11:42   ` De Lara Guarch, Pablo
2014-09-09 20:42     ` Matthew Hall