On Wed, Mar 09, 2016 at 12:24:00PM -0500, David Miller wrote:
...
> We asked you for numbers without a lot of features enabled, it'll
> help us diagnose which subsystem still causes a lot of overhead
> much more clearly.
>
> So please do so.
Sure. Gimme some time and I'll back with numbers.
> Although it's already pretty clear that netfilter conntrack
> cleanup is insanely expensive.
Yes. I can drop it off for a while and run tests without it,
then turn it back and try again. Would you like to see such
numbers?
> You're also jumping to a lot of conclusions, work with us to fix the
> fundamental performance problems rather than continually insisting on
> a limit.
>
> We should be able to remove millions of IP addresses in less than
> half a second, no problem. Limits make no sense at all.
Sure, I'll continue experimenting (and turn off preemt as
a first step). Sorry if I sounded rough.
Cyrill
