
Re: Shim6 failure recovery after garbage collection



Joe Abley wrote:

One of the more comprehensible objections to shim6 that was raised at NANOG 35 was from large content providers who currently serve many thousands of simultaneous clients through load balancers or other content-aggregation devices (the kind of devices which switch connections to origin servers without having to store any locally).

But when I watched the NANOG movie on that session, there seemed to be a prevailing confusion that shim6 would set up state for every TCP connection, when in fact its state is per IP address pair.

I don't remember the precise number of simultaneous sessions the devices were intended to be capable of serving, but it was a lot.

The observation was that with the amount of (server, client) state being held on those devices, adding what might be an average of (say) 2x128 bits + misc overhead per session might present scaling difficulties.

Sure, but each TCP connection in TIME_WAIT state (and there can be a large number of them for every client IP address) takes up more memory than that.

For active sessions, then, in addition to the TCP state there is also socket-level state plus some state in the application's memory, so in that case the shim6 state (which is per client IP address and not per connection) might disappear completely in the noise.

Perhaps Igor or Patrick could comment on likely numbers of (server, client) state required (perhaps excluding sessions in TIME_WAIT) in their experience -- with actual numbers, the scale of the issue might be more apparent.

I think having three sets of numbers would be the most helpful:
 - number of active TCP connections (not in TIME_WAIT)
 - number of unique client IP addresses for those connections
 - number of TIME_WAIT TCP connections

I can measure how much memory is used by each one (assuming the application state per active connection is zero) to get some ballpark numbers of the impact on shim6 for every active client IP address.

   Erik
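
Added example, not part of the original message: one way to collect the three counts requested above from `ss -tan` output on a Linux server. The sample lines are constructed, the function names are hypothetical, and excluding LISTEN sockets and treating 2x128 bits (32 bytes) as the per-client address-pair cost with no overhead are assumptions.

```python
import sys
from collections import Counter

# Constructed sample in `ss -tan` column layout (documentation-prefix addresses).
SAMPLE = """\
State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
LISTEN     0      128    [::]:443               [::]:*
ESTAB      0      0      [2001:db8::1]:443      [2001:db8:a::10]:51514
ESTAB      0      0      [2001:db8::1]:443      [2001:db8:a::10]:51515
ESTAB      0      0      [2001:db8::1]:443      [2001:db8:b::20]:40022
FIN-WAIT-2 0      0      [2001:db8::1]:443      [2001:db8:c::30]:40100
TIME-WAIT  0      0      [2001:db8::1]:443      [2001:db8:a::10]:51400
TIME-WAIT  0      0      [2001:db8::1]:443      [2001:db8:a::10]:51401
TIME-WAIT  0      0      [2001:db8::1]:443      [2001:db8:b::20]:40001
"""

# Assumption: the "2x128 bits" figure from the thread, misc overhead excluded.
ADDR_PAIR_BYTES = 2 * 128 // 8


def host(endpoint):
    """Strip the port from 'addr:port' or '[addr]:port'."""
    return endpoint.rsplit(":", 1)[0].strip("[]")


def summarize(lines):
    """Count active connections, unique client IPs and TIME_WAIT entries."""
    active = time_wait = 0
    clients = Counter()  # active connections per client IP
    for line in lines:
        f = line.split()
        if len(f) < 5 or f[0] in ("State", "LISTEN"):
            continue  # header, blank line, or listening socket (not a connection)
        if f[0] == "TIME-WAIT":
            time_wait += 1
            continue
        active += 1
        clients[host(f[4])] += 1
    return {"active": active, "unique_clients": len(clients),
            "time_wait": time_wait,
            "addr_pair_bytes": len(clients) * ADDR_PAIR_BYTES}


if __name__ == "__main__":
    # Real data: ss -tan | python3 this_file.py -
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    print(summarize(sys.stdin if use_stdin else SAMPLE.splitlines()))
```
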