[patch mlxsw.wiki] ACLs: Add shared blocks
Ido Schimmel
idosch at mellanox.com
Fri Apr 27 18:51:31 AEST 2018
On Thu, Apr 26, 2018 at 05:27:50PM +0200, Jiri Pirko wrote:
> From: Jiri Pirko <jiri at mellanox.com>
>
> Signed-off-by: Jiri Pirko <jiri at mellanox.com>
Applied with minor changes. Thanks!
> ---
> ACLs.md | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 63 insertions(+), 2 deletions(-)
>
> diff --git a/ACLs.md b/ACLs.md
> index 79a5c9aa3ee0..ffcf66b4ac4d 100644
> --- a/ACLs.md
> +++ b/ACLs.md
> @@ -7,7 +7,8 @@
> 5. [Trap Action Example Usage](#trap-action-example-usage)
> 6. [Multi-table/Multi-chain Support](#multi-tablemulti-chain-support)
> 7. [Mirred Action Example Usage](#mirred-action-example-usage)
> - 8. [More Examples](#more-examples)
> + 8. [Shared Blocks Support](#shared-blocks-support)
> + 9. [More Examples](#more-examples)
> 2. [Further Resources](#further-resources)
>
> TC Flower
> @@ -162,6 +163,66 @@ address `fe01::1`. The selected action is `mirred`.
> This rule insertion instructs the hardware to redirect/mirror matched packet
> to the specified interface, enp3s0np2 in the example.
>
> +#### Shared Blocks Support
> +
> +By default, each qdisc has its own group of chains (each contains filters).
> +This group of chains is called `block`. For example for `ingress`
> +qdisc the mapping between netdev:qdisc:block is 1:1:1.
> +
> +But consider a case when you have 2 netdevices, you create ingress qdisc
> +on both. Now if you want to add identical set of filter rules to both,
> +you need to add them twice. One for each netdev:qdisc:block. That is
> +of course doable, but when the filters are offloaded to TCAM with limited
> +number of entries, the duplications may become a scale issue. Sharing of
> +blocks is aiming to resolve that.
Changed to: "Sharing of blocks aims to resolve that."
> +
> +In order to ask kernel to share blocks, one has to indicate so during qdisc
> +creation:
> +
> +```
> +$ tc qdisc add dev enp3s0np1 ingress_block 22 ingress
> +$ tc qdisc add dev enp3s0np2 ingress_block 22 ingress
> +```
> +
> +These two commands added ingress qdiscs to both netdevices. Note the
> +"ingress_block" option that indicates that both qdiscs should share the same
> +block identified by index "22". It is up to the user to choose the
> +block index.
Used `` instead of "" around ingress_block and 22.
More information about the Linux-mlxsw
mailing list