> On Feb. 27, 2015, 7:50 a.m., Ian Downes wrote: > > src/slave/containerizer/isolators/network/port_mapping.cpp, lines 1828-1847 > > <https://reviews.apache.org/r/31505/diff/1/?file=879084#file879084line1828> > > > > I'm confused - do these need to be configured for each container? I > > thought all (host and container) icmp traffic was on the same flow?
All ICMP traffic is on the same flow, this filter should only be created once because it is inside the "if (targets.size() == 1)" check. - Cong ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31505/#review74457 ----------------------------------------------------------- On March 2, 2015, 5:21 p.m., Cong Wang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31505/ > ----------------------------------------------------------- > > (Updated March 2, 2015, 5:21 p.m.) > > > Review request for mesos, Chi Zhang, Ian Downes, and Jie Yu. > > > Bugs: MESOS-2422 > https://issues.apache.org/jira/browse/MESOS-2422 > > > Repository: mesos > > > Description > ------- > > Currently we do nothing on the host egress side. By default, kernel uses its > own hash function to classify the packets to different TX queues (if the > hardware interface supports multiqueue). So packets coming out of different > containers could end up queueing in the same TX queue, in this case we saw > buffer bloat on some TX queue caused packet drops. > > We need to isolation the egress traffic so that containers will not have > interference with each other. The number of hardware TX queues is limited by > hardware interface, usually not enough to map our container in 1:1 way, > therefore we need some software solution. We choose fq_codel and use tc > filters to classify packets coming out of different containers to different > fq_codel flows, and the codel algorithm on each flow could also help us to > reduce the buffer bloat. Note when the packets leave fq_codel, they still > share the physical TX queue(s), this is however (almost) beyond what we can > control, we have to rely on the kernel behavior. > > TODO: get some performance numbers > > > Diffs > ----- > > src/slave/containerizer/isolators/network/port_mapping.hpp > 8443097b2c79fef5ae0e23a3fb815ffec0318a93 > src/slave/containerizer/isolators/network/port_mapping.cpp > 5227987cdb7b904c2f4bb2bdf5c5d705a435010d > > Diff: https://reviews.apache.org/r/31505/diff/ > > > Testing > ------- > > Manually start two mesos containers with netperf running side. > > > Thanks, > > Cong Wang > >
