[prev in list] [next in list] [prev in thread] [next in thread]
List: dhcp-hackers
Subject: Re: dhcpd problem on virtual machines
From: Ted Lemon <Ted.Lemon () nominum ! com>
Date: 2010-04-21 14:45:50
Message-ID: 75F9E837-0AD4-4669-9E67-EF4453922661 () nominum ! com
[Download RAW message or body]
On Apr 21, 2010, at 2:27 AM, Alex Zeffertt wrote:
> I'm not sure I understand why the DHCP server would not be on the same LAN as
> the client during lease renewal when it has to be on the same LAN for the
> discover.
There is in fact always a DHCP server or relay agent connected to any network served \
by DHCP. If the DHCP server is not on the local wire, the DHCP relay agent acts as \
an intermediary until the client gets an IP address. After the client has an IP \
address, though, the DHCP relay agent is no longer needed, and at that point renewals \
are processed using unicast communication to the DHCP server, which is routed if the \
DHCP server is off-network.
> However, whatever the explanation, if you need routing for the
> renewal packets then, you're right, using AF_PACKET won't work. I guess that
> means we need a different solution :-(.
Yes.
> Actually, the TCP and UDP packets may never have to be checksummed by the CPU.
> There are two cases. In case 1 the packet is going to another VM on the same
> host, only the pseudo header is checksummed, and the PARTIAL flag is set on
> receive indicating there's no need to verify. In case 2 the packet is going out
> on the wire. In this case the CPU only has to complete the checksum if the NIC
> doesn't support tx checksum offloading. If it does support tx checksum
> offloading then the driver indicates to the NIC the start and end of the UDP or
> TCP packet and the location of the partial checksum, and the NIC completes the
> checksum.
>
> I think it would be difficult to convince the Linux developers to remove support
> for reception of partially checksummed packets. My gut instinct is that they
> will not be prepared to sacrifice performance to benefit applications doing
> TCP/IP in userspace. However, it might be worth bringing this up to see if
> there is an overlooked solution that doesn't sacrifice performance, or require
> applications like dhcp-isc to be virtualisation-aware.
I'm not proposing that they remove support for this performance hack. I'm proposing \
that since the behavior of the kernel is inconsistent when the hack is enabled, it \
should not be enabled by default. As long as there's a sysctl to enable it, anyone \
who benefits from this performance hack can easily enable it on system startup, but \
since it will require a positive action to enable, it will no longer violate the \
principle of least surprise.
The trick to debating with Linux kernel people is to push gently, and never be \
offended when they call you an idiot. If you can pull that off, and be persistent, \
in the long run chances are the right thing will happen. (I learned this the hard \
way, of course... :')
_______________________________________________
dhcp-hackers mailing list
dhcp-hackers@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-hackers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic