[patch mlxsw.wiki] ACLs: Add shared blocks
Jiri Pirko
jiri at mellanox.com
Fri Apr 27 18:56:19 AEST 2018
Fri, Apr 27, 2018 at 10:51:31AM CEST, idosch at mellanox.com wrote:
>On Thu, Apr 26, 2018 at 05:27:50PM +0200, Jiri Pirko wrote:
>> From: Jiri Pirko <jiri at mellanox.com>
>>
>> Signed-off-by: Jiri Pirko <jiri at mellanox.com>
>
>Applied with minor changes. Thanks!
Thanks.
>
>> ---
>> ACLs.md | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>> 1 file changed, 63 insertions(+), 2 deletions(-)
>>
>> diff --git a/ACLs.md b/ACLs.md
>> index 79a5c9aa3ee0..ffcf66b4ac4d 100644
>> --- a/ACLs.md
>> +++ b/ACLs.md
>> @@ -7,7 +7,8 @@
>> 5. [Trap Action Example Usage](#trap-action-example-usage)
>> 6. [Multi-table/Multi-chain Support](#multi-tablemulti-chain-support)
>> 7. [Mirred Action Example Usage](#mirred-action-example-usage)
>> - 8. [More Examples](#more-examples)
>> + 8. [Shared Blocks Support](#shared-blocks-support)
>> + 9. [More Examples](#more-examples)
>> 2. [Further Resources](#further-resources)
>>
>> TC Flower
>> @@ -162,6 +163,66 @@ address `fe01::1`. The selected action is `mirred`.
>> This rule insertion instructs the hardware to redirect/mirror matched packet
>> to the specified interface, enp3s0np2 in the example.
>>
>> +#### Shared Blocks Support
>> +
>> +By default, each qdisc has its own group of chains (each contains filters).
>> +This group of chains is called `block`. For example for `ingress`
>> +qdisc the mapping between netdev:qdisc:block is 1:1:1.
>> +
>> +But consider a case when you have 2 netdevices, you create ingress qdisc
>> +on both. Now if you want to add identical set of filter rules to both,
>> +you need to add them twice. One for each netdev:qdisc:block. That is
>> +of course doable, but when the filters are offloaded to TCAM with limited
>> +number of entries, the duplications may become a scale issue. Sharing of
>> +blocks is aiming to resolve that.
>
>Changed to: "Sharing of blocks aims to resolve that."
>
>
>> +
>> +In order to ask kernel to share blocks, one has to indicate so during qdisc
>> +creation:
>> +
>> +```
>> +$ tc qdisc add dev enp3s0np1 ingress_block 22 ingress
>> +$ tc qdisc add dev enp3s0np2 ingress_block 22 ingress
>> +```
>> +
>> +These two commands added ingress qdiscs to both netdevices. Note the
>> +"ingress_block" option that indicates that both qdiscs should share the same
>> +block identified by index "22". It is up to the user to choose the
>> +block index.
>
>Used `` instead of "" around ingress_block and 22.
More information about the Linux-mlxsw
mailing list