author | Eric Dumazet <edumazet@google.com> | 2018-03-08 15:51:41 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-03-09 11:23:11 -0500 |
commit | 79134e6ce2c9d1a00eab4d98cb48f975dd2474cb (patch) | |
tree | b5f8a1d1f2036315e6955d015fd181c538ed8ebf /Documentation/sysctl | |
parent | 2b3905de8b3d8511aee1d4acbf063197291cdd3f (diff) |
net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.
These tunnels are also automatically created when a new network
namespace is created, at a great cost.
In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)
Add a new sysctl so that we can opt-out from this automatic creation.
Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.
Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
(for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
done
wait
lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
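An added audit helper for the knob this commit introduces (example code, not part of the commit or the kernel tree): it reports the sysctl state, treating a missing file as a kernel that predates the knob, and filters an `ip -o link` style listing for the fallback device names the commit message lists. The listing embedded below is a constructed sample of a fresh netns; the `ip -o link` field layout is assumed.

```shell
#!/bin/sh
# Audit helper: which fallback tunnel devices exist in a netns, and is the
# opt-out sysctl from this commit available and enabled on this host?

# Fallback device names as listed in the commit message.
FB_TUNNELS="tunl0 gre0 gretap0 erspan0 sit0 ip6tnl0 ip6gre0"
SYSCTL_PATH=/proc/sys/net/core/fb_tunnels_only_for_init_net

# Read an `ip -o link` listing from stdin and print the fallback tunnel
# names it contains, one per line, in listing order. Field 2 is
# "name:" or "name@lower:", so strip the "@..." suffix and the colon.
fallback_tunnels_in() {
    awk -v names="$FB_TUNNELS" '
        BEGIN { split(names, a, " "); for (i in a) want[a[i]] = 1 }
        { dev = $2; sub(/@.*/, "", dev); sub(/:$/, "", dev)
          if (dev in want) print dev }'
}

# Print "0" or "1" from the sysctl, or "absent" when the kernel predates
# the knob (fallback tunnels are then created in every new netns).
fb_sysctl_state() {
    if [ -r "$SYSCTL_PATH" ]; then cat "$SYSCTL_PATH"; else echo absent; fi
}

# Number of fallback tunnel devices in a listing passed as $1.
count_fallback_tunnels() {
    printf '%s\n' "$1" | fallback_tunnels_in | wc -l | tr -d ' '
}

# Constructed sample: `ip -o link` inside a freshly created netns on a host
# with the ipip, gre and sit modules loaded and the knob at its default 0.
SAMPLE_NETNS_LINKS='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ipip 0.0.0.0 brd 0.0.0.0
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/gre 0.0.0.0 brd 0.0.0.0
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/sit 0.0.0.0 brd 0.0.0.0
5: veth0@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'

found=$(printf '%s\n' "$SAMPLE_NETNS_LINKS" | fallback_tunnels_in | tr '\n' ' ')
echo "fb_tunnels_only_for_init_net: $(fb_sysctl_state)"
echo "fallback tunnels in sample netns: ${found:-none}"
```

On a live host, replace the sample with `ip -n <netns> -o link` output to check whether namespaces still carry devices nobody asked for.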
Diffstat (limited to 'Documentation/sysctl')
-rw-r--r-- | Documentation/sysctl/net.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Documentation/sysctl/net.txt b/Documentation/sysctl/net.txt index 35c62f522754..5992602469d8 100644 --- a/Documentation/sysctl/net.txt +++ b/Documentation/sysctl/net.txt | |||
@@ -270,6 +270,18 @@ optmem_max | |||
270 | Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence | 270 | Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence |
271 | of struct cmsghdr structures with appended data. | 271 | of struct cmsghdr structures with appended data. |
272 | 272 | ||
273 | fb_tunnels_only_for_init_net | ||
274 | ---------------------------- | ||
275 | |||
276 | Controls if fallback tunnels (like tunl0, gre0, gretap0, erspan0, | ||
277 | sit0, ip6tnl0, ip6gre0) are automatically created when a new | ||
278 | network namespace is created, if corresponding tunnel is present | ||
279 | in initial network namespace. | ||
280 | If set to 1, these devices are not automatically created, and | ||
281 | user space is responsible for creating them if needed. | ||
282 | |||
283 | Default : 0 (for compatibility reasons) | ||
284 | |||
273 | 2. /proc/sys/net/unix - Parameters for Unix domain sockets | 285 | 2. /proc/sys/net/unix - Parameters for Unix domain sockets |
274 | ------------------------------------------------------- | 286 | ------------------------------------------------------- |
275 | 287 | ||
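Review bot: the condition in the new fb_tunnels_only_for_init_net entry, "if corresponding tunnel is present in initial network namespace", is ungrammatical and does not match the commit message, which ties automatic creation to the corresponding module being loaded; suggest "if the corresponding tunnel module is loaded." The entry should also state explicitly what the commit message notes, that the initial namespace still gets its fallback tunnels regardless of this setting, rather than leaving that to the sysctl's name. Minor: "Default : 0" has a stray space before the colon.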