This repository has been archived by the owner on Jun 20, 2024. It is now read-only.
441 slow ARP fixes #457
Merged
441 slow ARP fixes #457
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When an IP address was reused by a new container, other containers could experience delays of many seconds the first time they tried to talk to that new container before successful communication would occur. This delay came from three sources related to ARP cache behaviour: - The kernel would take a while to decide that an ARP mapping was stale due to lack of positive evidence (due to the base_reachable_time default of 30s) - Even once an ARP mapping was considered stale, the kernel would wait a few seconds before sending an ARP request, in the hope that a higher layer (e.g. TCP) would confirm the ARP entry (due to the delay_first_probe default of 5s) - When the kernel sent out an ARP request to update a stale entry, initial attempts would unicast the request to the old MAC address before resorting to broadcast (due to the ucast_solicit default of 3) This change reduces all these values, so that any delays are a few seconds. For most workloads, this should not greatly increase the amount of ARP traffic, because communication via TCP is often sufficient to confirm ARP entries. And one unicast ARP request is still sent just in case. Unfortunately, there's a fixed-but-only-recently bug in the kernel that means that changing base_reachable_time can take a while to take effect: <https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4bf6980dd0328530783fd657c776e3719b421d30>. This means that a container will continue to use a long reachable_time delay for the first few minutes of its life.
Not quite a pure refactoring because it adds a missing 'validate_cidr'.
Using arping, which is part of the iputils package and so seems to be ubiquitous.
The most likely cause of failure is the container going away, in which. case we don't need to clean up. And there are other points of possible failure in the same category in attach(), so making sure we clean up the container interface under all conditions is a broader issue.
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #441.