1.. SPDX-License-Identifier: GPL-2.0
2
3=====================================
4Scaling in the Linux Networking Stack
5=====================================
6
7
8Introduction
9============
10
11This document describes a set of complementary techniques in the Linux
12networking stack to increase parallelism and improve performance for
13multi-processor systems.
14
15The following technologies are described:
16
17- RSS: Receive Side Scaling
18- RPS: Receive Packet Steering
19- RFS: Receive Flow Steering
20- Accelerated Receive Flow Steering
21- XPS: Transmit Packet Steering
22
23
24RSS: Receive Side Scaling
25=========================
26
27Contemporary NICs support multiple receive and transmit descriptor queues
28(multi-queue). On reception, a NIC can send different packets to different
29queues to distribute processing among CPUs. The NIC distributes packets by
30applying a filter to each packet that assigns it to one of a small number
31of logical flows. Packets for each flow are steered to a separate receive
32queue, which in turn can be processed by separate CPUs. This mechanism is
33generally known as “Receive-side Scaling” (RSS). The goal of RSS and
34the other scaling techniques is to increase performance uniformly.
35Multi-queue distribution can also be used for traffic prioritization, but
36that is not the focus of these techniques.
37
38The filter used in RSS is typically a hash function over the network
39and/or transport layer headers-- for example, a 4-tuple hash over
40IP addresses and TCP ports of a packet. The most common hardware
41implementation of RSS uses a 128-entry indirection table where each entry
42stores a queue number. The receive queue for a packet is determined
43by masking out the low order seven bits of the computed hash for the
44packet (usually a Toeplitz hash), taking this number as a key into the
45indirection table and reading the corresponding value.
46
47Some NICs support symmetric RSS hashing where, if the IP (source address,
48destination address) and TCP/UDP (source port, destination port) tuples
49are swapped, the computed hash is the same. This is beneficial in some
50applications that monitor TCP/IP flows (IDS, firewalls, ...etc) and need
51both directions of the flow to land on the same Rx queue (and CPU). The
52"Symmetric-XOR" is a type of RSS algorithms that achieves this hash
53symmetry by XORing the input source and destination fields of the IP
54and/or L4 protocols. This, however, results in reduced input entropy and
55could potentially be exploited. Specifically, the algorithm XORs the input
56as follows::
57
58    # (SRC_IP ^ DST_IP, SRC_IP ^ DST_IP, SRC_PORT ^ DST_PORT, SRC_PORT ^ DST_PORT)
59
60The result is then fed to the underlying RSS algorithm.
61
62Some advanced NICs allow steering packets to queues based on
63programmable filters. For example, webserver bound TCP port 80 packets
64can be directed to their own receive queue. Such “n-tuple” filters can
65be configured from ethtool (--config-ntuple).
66
67
68RSS Configuration
69-----------------
70
71The driver for a multi-queue capable NIC typically provides a kernel
72module parameter for specifying the number of hardware queues to
73configure. In the bnx2x driver, for instance, this parameter is called
74num_queues. A typical RSS configuration would be to have one receive queue
75for each CPU if the device supports enough queues, or otherwise at least
76one for each memory domain, where a memory domain is a set of CPUs that
77share a particular memory level (L1, L2, NUMA node, etc.).
78
79The indirection table of an RSS device, which resolves a queue by masked
80hash, is usually programmed by the driver at initialization. The
81default mapping is to distribute the queues evenly in the table, but the
82indirection table can be retrieved and modified at runtime using ethtool
83commands (--show-rxfh-indir and --set-rxfh-indir). Modifying the
84indirection table could be done to give different queues different
85relative weights.
86
87
88RSS IRQ Configuration
89~~~~~~~~~~~~~~~~~~~~~
90
91Each receive queue has a separate IRQ associated with it. The NIC triggers
92this to notify a CPU when new packets arrive on the given queue. The
93signaling path for PCIe devices uses message signaled interrupts (MSI-X),
94that can route each interrupt to a particular CPU. The active mapping
95of queues to IRQs can be determined from /proc/interrupts. By default,
96an IRQ may be handled on any CPU. Because a non-negligible part of packet
97processing takes place in receive interrupt handling, it is advantageous
98to spread receive interrupts between CPUs. To manually adjust the IRQ
99affinity of each interrupt see Documentation/core-api/irq/irq-affinity.rst. Some systems
100will be running irqbalance, a daemon that dynamically optimizes IRQ
101assignments and as a result may override any manual settings.
102
103
104Suggested Configuration
105~~~~~~~~~~~~~~~~~~~~~~~
106
107RSS should be enabled when latency is a concern or whenever receive
108interrupt processing forms a bottleneck. Spreading load between CPUs
109decreases queue length. For low latency networking, the optimal setting
110is to allocate as many queues as there are CPUs in the system (or the
111NIC maximum, if lower). The most efficient high-rate configuration
112is likely the one with the smallest number of receive queues where no
113receive queue overflows due to a saturated CPU, because in default
114mode with interrupt coalescing enabled, the aggregate number of
115interrupts (and thus work) grows with each additional queue.
116
117Per-cpu load can be observed using the mpstat utility, but note that on
118processors with hyperthreading (HT), each hyperthread is represented as
119a separate CPU. For interrupt handling, HT has shown no benefit in
120initial tests, so limit the number of queues to the number of CPU cores
121in the system.
122
123Dedicated RSS contexts
124~~~~~~~~~~~~~~~~~~~~~~
125
126Modern NICs support creating multiple co-existing RSS configurations
127which are selected based on explicit matching rules. This can be very
128useful when application wants to constrain the set of queues receiving
129traffic for e.g. a particular destination port or IP address.
130The example below shows how to direct all traffic to TCP port 22
131to queues 0 and 1.
132
133To create an additional RSS context use::
134
135  # ethtool -X eth0 hfunc toeplitz context new
136  New RSS context is 1
137
138Kernel reports back the ID of the allocated context (the default, always
139present RSS context has ID of 0). The new context can be queried and
140modified using the same APIs as the default context::
141
142  # ethtool -x eth0 context 1
143  RX flow hash indirection table for eth0 with 13 RX ring(s):
144    0:      0     1     2     3     4     5     6     7
145    8:      8     9    10    11    12     0     1     2
146  [...]
147  # ethtool -X eth0 equal 2 context 1
148  # ethtool -x eth0 context 1
149  RX flow hash indirection table for eth0 with 13 RX ring(s):
150    0:      0     1     0     1     0     1     0     1
151    8:      0     1     0     1     0     1     0     1
152  [...]
153
154To make use of the new context direct traffic to it using an n-tuple
155filter::
156
157  # ethtool -N eth0 flow-type tcp6 dst-port 22 context 1
158  Added rule with ID 1023
159
160When done, remove the context and the rule::
161
162  # ethtool -N eth0 delete 1023
163  # ethtool -X eth0 context 1 delete
164
165
166RPS: Receive Packet Steering
167============================
168
169Receive Packet Steering (RPS) is logically a software implementation of
170RSS. Being in software, it is necessarily called later in the datapath.
171Whereas RSS selects the queue and hence CPU that will run the hardware
172interrupt handler, RPS selects the CPU to perform protocol processing
173above the interrupt handler. This is accomplished by placing the packet
174on the desired CPU’s backlog queue and waking up the CPU for processing.
175RPS has some advantages over RSS:
176
1771) it can be used with any NIC
1782) software filters can easily be added to hash over new protocols
1793) it does not increase hardware device interrupt rate (although it does
180   introduce inter-processor interrupts (IPIs))
181
182RPS is called during bottom half of the receive interrupt handler, when
183a driver sends a packet up the network stack with netif_rx() or
184netif_receive_skb(). These call the get_rps_cpu() function, which
185selects the queue that should process a packet.
186
187The first step in determining the target CPU for RPS is to calculate a
188flow hash over the packet’s addresses or ports (2-tuple or 4-tuple hash
189depending on the protocol). This serves as a consistent hash of the
190associated flow of the packet. The hash is either provided by hardware
191or will be computed in the stack. Capable hardware can pass the hash in
192the receive descriptor for the packet; this would usually be the same
193hash used for RSS (e.g. computed Toeplitz hash). The hash is saved in
194skb->hash and can be used elsewhere in the stack as a hash of the
195packet’s flow.
196
197Each receive hardware queue has an associated list of CPUs to which
198RPS may enqueue packets for processing. For each received packet,
199an index into the list is computed from the flow hash modulo the size
200of the list. The indexed CPU is the target for processing the packet,
201and the packet is queued to the tail of that CPU’s backlog queue. At
202the end of the bottom half routine, IPIs are sent to any CPUs for which
203packets have been queued to their backlog queue. The IPI wakes backlog
204processing on the remote CPU, and any queued packets are then processed
205up the networking stack.
206
207
208RPS Configuration
209-----------------
210
211RPS requires a kernel compiled with the CONFIG_RPS kconfig symbol (on
212by default for SMP). Even when compiled in, RPS remains disabled until
213explicitly configured. The list of CPUs to which RPS may forward traffic
214can be configured for each receive queue using a sysfs file entry::
215
216  /sys/class/net/<dev>/queues/rx-<n>/rps_cpus
217
218This file implements a bitmap of CPUs. RPS is disabled when it is zero
219(the default), in which case packets are processed on the interrupting
220CPU. Documentation/core-api/irq/irq-affinity.rst explains how CPUs are assigned to
221the bitmap.
222
223
224Suggested Configuration
225~~~~~~~~~~~~~~~~~~~~~~~
226
227For a single queue device, a typical RPS configuration would be to set
228the rps_cpus to the CPUs in the same memory domain of the interrupting
229CPU. If NUMA locality is not an issue, this could also be all CPUs in
230the system. At high interrupt rate, it might be wise to exclude the
231interrupting CPU from the map since that already performs much work.
232
233For a multi-queue system, if RSS is configured so that a hardware
234receive queue is mapped to each CPU, then RPS is probably redundant
235and unnecessary. If there are fewer hardware queues than CPUs, then
236RPS might be beneficial if the rps_cpus for each queue are the ones that
237share the same memory domain as the interrupting CPU for that queue.
238
239
240RPS Flow Limit
241--------------
242
243RPS scales kernel receive processing across CPUs without introducing
244reordering. The trade-off to sending all packets from the same flow
245to the same CPU is CPU load imbalance if flows vary in packet rate.
246In the extreme case a single flow dominates traffic. Especially on
247common server workloads with many concurrent connections, such
248behavior indicates a problem such as a misconfiguration or spoofed
249source Denial of Service attack.
250
251Flow Limit is an optional RPS feature that prioritizes small flows
252during CPU contention by dropping packets from large flows slightly
253ahead of those from small flows. It is active only when an RPS or RFS
254destination CPU approaches saturation.  Once a CPU's input packet
255queue exceeds half the maximum queue length (as set by sysctl
256net.core.netdev_max_backlog), the kernel starts a per-flow packet
257count over the last 256 packets. If a flow exceeds a set ratio (by
258default, half) of these packets when a new packet arrives, then the
259new packet is dropped. Packets from other flows are still only
260dropped once the input packet queue reaches netdev_max_backlog.
261No packets are dropped when the input packet queue length is below
262the threshold, so flow limit does not sever connections outright:
263even large flows maintain connectivity.
264
265
266Interface
267~~~~~~~~~
268
269Flow limit is compiled in by default (CONFIG_NET_FLOW_LIMIT), but not
270turned on. It is implemented for each CPU independently (to avoid lock
271and cache contention) and toggled per CPU by setting the relevant bit
272in sysctl net.core.flow_limit_cpu_bitmap. It exposes the same CPU
273bitmap interface as rps_cpus (see above) when called from procfs::
274
275  /proc/sys/net/core/flow_limit_cpu_bitmap
276
277Per-flow rate is calculated by hashing each packet into a hashtable
278bucket and incrementing a per-bucket counter. The hash function is
279the same that selects a CPU in RPS, but as the number of buckets can
280be much larger than the number of CPUs, flow limit has finer-grained
281identification of large flows and fewer false positives. The default
282table has 4096 buckets. This value can be modified through sysctl::
283
284  net.core.flow_limit_table_len
285
286The value is only consulted when a new table is allocated. Modifying
287it does not update active tables.
288
289
290Suggested Configuration
291~~~~~~~~~~~~~~~~~~~~~~~
292
293Flow limit is useful on systems with many concurrent connections,
294where a single connection taking up 50% of a CPU indicates a problem.
295In such environments, enable the feature on all CPUs that handle
296network rx interrupts (as set in /proc/irq/N/smp_affinity).
297
298The feature depends on the input packet queue length to exceed
299the flow limit threshold (50%) + the flow history length (256).
300Setting net.core.netdev_max_backlog to either 1000 or 10000
301performed well in experiments.
302
303
304RFS: Receive Flow Steering
305==========================
306
307While RPS steers packets solely based on hash, and thus generally
308provides good load distribution, it does not take into account
309application locality. This is accomplished by Receive Flow Steering
310(RFS). The goal of RFS is to increase datacache hitrate by steering
311kernel processing of packets to the CPU where the application thread
312consuming the packet is running. RFS relies on the same RPS mechanisms
313to enqueue packets onto the backlog of another CPU and to wake up that
314CPU.
315
316In RFS, packets are not forwarded directly by the value of their hash,
317but the hash is used as index into a flow lookup table. This table maps
318flows to the CPUs where those flows are being processed. The flow hash
319(see RPS section above) is used to calculate the index into this table.
320The CPU recorded in each entry is the one which last processed the flow.
321If an entry does not hold a valid CPU, then packets mapped to that entry
322are steered using plain RPS. Multiple table entries may point to the
323same CPU. Indeed, with many flows and few CPUs, it is very likely that
324a single application thread handles flows with many different flow hashes.
325
326rps_sock_flow_table is a global flow table that contains the *desired* CPU
327for flows: the CPU that is currently processing the flow in userspace.
328Each table value is a CPU index that is updated during calls to recvmsg
329and sendmsg (specifically, inet_recvmsg(), inet_sendmsg() and
330tcp_splice_read()).
331
332When the scheduler moves a thread to a new CPU while it has outstanding
333receive packets on the old CPU, packets may arrive out of order. To
334avoid this, RFS uses a second flow table to track outstanding packets
335for each flow: rps_dev_flow_table is a table specific to each hardware
336receive queue of each device. Each table value stores a CPU index and a
337counter. The CPU index represents the *current* CPU onto which packets
338for this flow are enqueued for further kernel processing. Ideally, kernel
339and userspace processing occur on the same CPU, and hence the CPU index
340in both tables is identical. This is likely false if the scheduler has
341recently migrated a userspace thread while the kernel still has packets
342enqueued for kernel processing on the old CPU.
343
344The counter in rps_dev_flow_table values records the length of the current
345CPU's backlog when a packet in this flow was last enqueued. Each backlog
346queue has a head counter that is incremented on dequeue. A tail counter
347is computed as head counter + queue length. In other words, the counter
348in rps_dev_flow[i] records the last element in flow i that has
349been enqueued onto the currently designated CPU for flow i (of course,
350entry i is actually selected by hash and multiple flows may hash to the
351same entry i).
352
353And now the trick for avoiding out of order packets: when selecting the
354CPU for packet processing (from get_rps_cpu()) the rps_sock_flow table
355and the rps_dev_flow table of the queue that the packet was received on
356are compared. If the desired CPU for the flow (found in the
357rps_sock_flow table) matches the current CPU (found in the rps_dev_flow
358table), the packet is enqueued onto that CPU’s backlog. If they differ,
359the current CPU is updated to match the desired CPU if one of the
360following is true:
361
362  - The current CPU's queue head counter >= the recorded tail counter
363    value in rps_dev_flow[i]
364  - The current CPU is unset (>= nr_cpu_ids)
365  - The current CPU is offline
366
367After this check, the packet is sent to the (possibly updated) current
368CPU. These rules aim to ensure that a flow only moves to a new CPU when
369there are no packets outstanding on the old CPU, as the outstanding
370packets could arrive later than those about to be processed on the new
371CPU.
372
373
374RFS Configuration
375-----------------
376
377RFS is only available if the kconfig symbol CONFIG_RPS is enabled (on
378by default for SMP). The functionality remains disabled until explicitly
379configured. The number of entries in the global flow table is set through::
380
381  /proc/sys/net/core/rps_sock_flow_entries
382
383The number of entries in the per-queue flow table are set through::
384
385  /sys/class/net/<dev>/queues/rx-<n>/rps_flow_cnt
386
387
388Suggested Configuration
389~~~~~~~~~~~~~~~~~~~~~~~
390
391Both of these need to be set before RFS is enabled for a receive queue.
392Values for both are rounded up to the nearest power of two. The
393suggested flow count depends on the expected number of active connections
394at any given time, which may be significantly less than the number of open
395connections. We have found that a value of 32768 for rps_sock_flow_entries
396works fairly well on a moderately loaded server.
397
398For a single queue device, the rps_flow_cnt value for the single queue
399would normally be configured to the same value as rps_sock_flow_entries.
400For a multi-queue device, the rps_flow_cnt for each queue might be
401configured as rps_sock_flow_entries / N, where N is the number of
402queues. So for instance, if rps_sock_flow_entries is set to 32768 and there
403are 16 configured receive queues, rps_flow_cnt for each queue might be
404configured as 2048.
405
406
407Accelerated RFS
408===============
409
410Accelerated RFS is to RFS what RSS is to RPS: a hardware-accelerated load
411balancing mechanism that uses soft state to steer flows based on where
412the application thread consuming the packets of each flow is running.
413Accelerated RFS should perform better than RFS since packets are sent
414directly to a CPU local to the thread consuming the data. The target CPU
415will either be the same CPU where the application runs, or at least a CPU
416which is local to the application thread’s CPU in the cache hierarchy.
417
418To enable accelerated RFS, the networking stack calls the
419ndo_rx_flow_steer driver function to communicate the desired hardware
420queue for packets matching a particular flow. The network stack
421automatically calls this function every time a flow entry in
422rps_dev_flow_table is updated. The driver in turn uses a device specific
423method to program the NIC to steer the packets.
424
425The hardware queue for a flow is derived from the CPU recorded in
426rps_dev_flow_table. The stack consults a CPU to hardware queue map which
427is maintained by the NIC driver. This is an auto-generated reverse map of
428the IRQ affinity table shown by /proc/interrupts. Drivers can use
429functions in the cpu_rmap (“CPU affinity reverse map”) kernel library
430to populate the map. For each CPU, the corresponding queue in the map is
431set to be one whose processing CPU is closest in cache locality.
432
433
434Accelerated RFS Configuration
435-----------------------------
436
437Accelerated RFS is only available if the kernel is compiled with
438CONFIG_RFS_ACCEL and support is provided by the NIC device and driver.
439It also requires that ntuple filtering is enabled via ethtool. The map
440of CPU to queues is automatically deduced from the IRQ affinities
441configured for each receive queue by the driver, so no additional
442configuration should be necessary.
443
444
445Suggested Configuration
446~~~~~~~~~~~~~~~~~~~~~~~
447
448This technique should be enabled whenever one wants to use RFS and the
449NIC supports hardware acceleration.
450
451
452XPS: Transmit Packet Steering
453=============================
454
455Transmit Packet Steering is a mechanism for intelligently selecting
456which transmit queue to use when transmitting a packet on a multi-queue
457device. This can be accomplished by recording two kinds of maps, either
458a mapping of CPU to hardware queue(s) or a mapping of receive queue(s)
459to hardware transmit queue(s).
460
4611. XPS using CPUs map
462
463The goal of this mapping is usually to assign queues
464exclusively to a subset of CPUs, where the transmit completions for
465these queues are processed on a CPU within this set. This choice
466provides two benefits. First, contention on the device queue lock is
467significantly reduced since fewer CPUs contend for the same queue
468(contention can be eliminated completely if each CPU has its own
469transmit queue). Secondly, cache miss rate on transmit completion is
470reduced, in particular for data cache lines that hold the sk_buff
471structures.
472
4732. XPS using receive queues map
474
475This mapping is used to pick transmit queue based on the receive
476queue(s) map configuration set by the administrator. A set of receive
477queues can be mapped to a set of transmit queues (many:many), although
478the common use case is a 1:1 mapping. This will enable sending packets
479on the same queue associations for transmit and receive. This is useful for
480busy polling multi-threaded workloads where there are challenges in
481associating a given CPU to a given application thread. The application
482threads are not pinned to CPUs and each thread handles packets
483received on a single queue. The receive queue number is cached in the
484socket for the connection. In this model, sending the packets on the same
485transmit queue corresponding to the associated receive queue has benefits
486in keeping the CPU overhead low. Transmit completion work is locked into
487the same queue-association that a given application is polling on. This
488avoids the overhead of triggering an interrupt on another CPU. When the
489application cleans up the packets during the busy poll, transmit completion
490may be processed along with it in the same thread context and so result in
491reduced latency.
492
493XPS is configured per transmit queue by setting a bitmap of
494CPUs/receive-queues that may use that queue to transmit. The reverse
495mapping, from CPUs to transmit queues or from receive-queues to transmit
496queues, is computed and maintained for each network device. When
497transmitting the first packet in a flow, the function get_xps_queue() is
498called to select a queue. This function uses the ID of the receive queue
499for the socket connection for a match in the receive queue-to-transmit queue
500lookup table. Alternatively, this function can also use the ID of the
501running CPU as a key into the CPU-to-queue lookup table. If the
502ID matches a single queue, that is used for transmission. If multiple
503queues match, one is selected by using the flow hash to compute an index
504into the set. When selecting the transmit queue based on receive queue(s)
505map, the transmit device is not validated against the receive device as it
506requires expensive lookup operation in the datapath.
507
508The queue chosen for transmitting a particular flow is saved in the
509corresponding socket structure for the flow (e.g. a TCP connection).
510This transmit queue is used for subsequent packets sent on the flow to
511prevent out of order (ooo) packets. The choice also amortizes the cost
512of calling get_xps_queues() over all packets in the flow. To avoid
513ooo packets, the queue for a flow can subsequently only be changed if
514skb->ooo_okay is set for a packet in the flow. This flag indicates that
515there are no outstanding packets in the flow, so the transmit queue can
516change without the risk of generating out of order packets. The
517transport layer is responsible for setting ooo_okay appropriately. TCP,
518for instance, sets the flag when all data for a connection has been
519acknowledged.
520
521XPS Configuration
522-----------------
523
524XPS is only available if the kconfig symbol CONFIG_XPS is enabled (on by
525default for SMP). If compiled in, it is driver dependent whether, and
526how, XPS is configured at device init. The mapping of CPUs/receive-queues
527to transmit queue can be inspected and configured using sysfs:
528
529For selection based on CPUs map::
530
531  /sys/class/net/<dev>/queues/tx-<n>/xps_cpus
532
533For selection based on receive-queues map::
534
535  /sys/class/net/<dev>/queues/tx-<n>/xps_rxqs
536
537
538Suggested Configuration
539~~~~~~~~~~~~~~~~~~~~~~~
540
541For a network device with a single transmission queue, XPS configuration
542has no effect, since there is no choice in this case. In a multi-queue
543system, XPS is preferably configured so that each CPU maps onto one queue.
544If there are as many queues as there are CPUs in the system, then each
545queue can also map onto one CPU, resulting in exclusive pairings that
546experience no contention. If there are fewer queues than CPUs, then the
547best CPUs to share a given queue are probably those that share the cache
548with the CPU that processes transmit completions for that queue
549(transmit interrupts).
550
551For transmit queue selection based on receive queue(s), XPS has to be
552explicitly configured mapping receive-queue(s) to transmit queue(s). If the
553user configuration for receive-queue map does not apply, then the transmit
554queue is selected based on the CPUs map.
555
556
557Per TX Queue rate limitation
558============================
559
560These are rate-limitation mechanisms implemented by HW, where currently
561a max-rate attribute is supported, by setting a Mbps value to::
562
563  /sys/class/net/<dev>/queues/tx-<n>/tx_maxrate
564
565A value of zero means disabled, and this is the default.
566
567
568Further Information
569===================
570RPS and RFS were introduced in kernel 2.6.35. XPS was incorporated into
5712.6.38. Original patches were submitted by Tom Herbert
572(therbert@google.com)
573
574Accelerated RFS was introduced in 2.6.35. Original patches were
575submitted by Ben Hutchings (bwh@kernel.org)
576
577Authors:
578
579- Tom Herbert (therbert@google.com)
580- Willem de Bruijn (willemb@google.com)
581