virtio-net RSS Inner Header Hash
本文将mark下virtio-net RSS Inner Header Hash的相关notes。
基础知识
需要理解网络Tunnel协议,清楚Outer Header与Inner Header的概念。
distribute different flows
传统隧道协议由于在外头部中缺少足够的熵,导致收包时报文汇聚到单个队列上,无法发挥多队列收包的优势。
For legacy systems, they may lack entropy fields which modern protocols have in the outer header, resulting in multiple flows with the same outer header but different inner headers being directed to the same receive queue. This results in poor receive performance.
To address this limitation, inner header hash can be used to enable the device to advertise the capability to calculate the hash for the inner packet, regaining better receive performance.
Legacy tunneling protocols, lacking the outer header entropy, can use RSS with the inner header hash to distribute flows with identical outer but different inner headers across various queues, improving performance.
identify same flow
Identify an inner flow distributed across multiple outer tunnels.
现代隧道协议在某些场景需要通过将同一条流接收在同一个队列上以获得性能收益,而外头部不容易做到。
Currently, a received encapsulated packet has an outer and an inner header, but the virtio device is unable to calculate the hash for the inner header. The same flow can traverse through different tunnels, resulting in the encapsulated packets being spread across multiple receive queues (refer to the figure below). However, in certain scenarios, we may need to direct these encapsulated packets of the same flow to a single receive queue. This facilitates the processing of the flow by the same CPU to improve performance (warm caches, less locking, etc.).
client1 client2
| +-------+ |
+------->|tunnels|<--------+
+-------+
| |
v v
+-----------------+
| monitoring host |
+-----------------+
To achieve this, the device can calculate a symmetric hash based on the inner headers of the same flow.
symmetric hash
symmetric hash确保同一个五元组(无论方向)哈希到同一个桶中,即当源IP和目标IP、源端口和目标端口互换时,哈希值仍然能保持一致。
https://lore.kernel.org/virtio-dev/e573702a-9a2e-d210-f13a-f0b241442991@linux.alibaba.com/
Spec描述
VIRTIO_NET_F_HASH_TUNNEL
5.1.6.4.4.1 Encapsulated packet
Multiple tunneling protocols allow encapsulating an inner, payload packet in an outer, encapsulated packet. The encapsulated packet thus contains an outer header and an inner header, and the device calculates the hash over either the inner header or the outer header.
If VIRTIO_NET_F_HASH_TUNNEL is negotiated and a received encapsulated packet’s outer header matches one of the encapsulation types enabled in enabled_tunnel_types, then the device uses the inner header for hash calculations (only a single level of encapsulation is currently supported).
If VIRTIO_NET_F_HASH_TUNNEL is negotiated and a received packet’s (outer) header does not match any encapsulation types enabled in enabled_tunnel_types, then the device uses the outer header for hash calculations.
参考资料: