Are there any limit values when configuring OVS Kernel Hardware on ConnectX-6 LX?

kyoon · July 31, 2023, 7:49am

When configuring HWOL through ConnectX-6 LX and OVS, we confirmed that Conntack Offlaod works when using OVN ACL.

However, when performing the TCP CPS test, the Netfiler Conntrack Table size exceeds 700k, it is not HW_OFFLOADed and is processed by OVS, causing a performance delay.

Conntrack Table, OVS Conntrack Table, the number of Offload sessions decreased from 700k, and packets were dropped due to SoftIRQ spikes due to packet processing delays.

Every 5.0s: conntrack -L | grep HW_OFF | awk '{print $4}' | sort | uniq -c                                                                                         
conntrack v1.4.6 (conntrack-tools): 505050 flow entries have been shown.               
   5035 CLOSE                                                                          
  23286 dst=10.168.66.14                                                               
  23199 dst=10.168.66.151                                                              
  23287 dst=10.168.66.17                                                               
  23254 dst=10.168.66.19                                                               
  23286 dst=10.168.66.204                                                              
  23237 dst=10.168.66.221                                                              
  23296 dst=10.168.66.223                                                              
  23283 dst=10.168.66.252                                                              
  23239 dst=10.168.66.88                                                               
  23238 dst=10.168.66.97                                                               
    155 FIN_WAIT                                                                       
   2766 LAST_ACK

Every 5.0s: conntrack -L | grep -v HW_OFF | awk '{print $4}' | sort | uniq -c  
conntrack v1.4.6 (conntrack-tools): 513657 flow entries have been shown.
  98197 CLOSE
    428 dst=10.168.66.14
    428 dst=10.168.66.151
    485 dst=10.168.66.17 
    388 dst=10.168.66.19
    419 dst=10.168.66.204
    401 dst=10.168.66.221
    399 dst=10.168.66.223
    421 dst=10.168.66.252
    400 dst=10.168.66.88 
    416 dst=10.168.66.97
  22598 ESTABLISHED              
      1 FIN_WAIT   
 145288 LAST_ACK
      1 src=10.168.66.88
     15 SYN_RECV        
     12 SYN_SENT 
   2635 TIME_WAIT

There seems to be a Conntrack Table limit per NIC model.
Is it possible to share the limit values by ConnectX-6 LX, ConnectX-6, and ConnectX-6 DX?

1.Hardware
Server: Dell R7615
CPU: AMD Epyc 9654P
Memory: 384GB
NUMA: 1
NIC: Connect-X 6LX

2.Software Versions
OS: Ubuntu 22.04.2 LTS
Kernel: 5.15
Openstack Version: Yoga
OVN: 22.03
OVS: 2.17.5
MLNX OFED Driver: 5.8-2.0.3
Firmware: 26.35.1012 (DEL0000000031)

3.SmartNIC Configuration
3-1. Driver
vport_match_mode: metadata
steering_mode: smfs
ct_action_on_nat_conns: disable
ct_labels_mapping: disable
ct_max_offloaded_conns: 4294967295

3-2. Devlink Param
num_of_groups: 15

3-3. MSTConfig
PF_NUM_PF_MSIX_VALID: False(0)
STRICT_VF_MSIX_NUM: False(0)
NUM_PF_MSIX_VALID: True(1)
NUM_PF_MSIX: 127
NUM_VF_MSIX: 127
PF_NUM_PF_MSIX: 63
DYNAMIC_VF_MSIX_TABLE: False(0)

abirman · August 13, 2023, 10:19am

Hi,

The information about connection tracking configuration and amount of connections can be found at the below link:
https://docs.nvidia.com/networking/display/BlueFieldDPUOSLatest/Virtual+Switch+on+DPU#VirtualSwitchonDPU-ConnectionTrackingOffloadConnectionTrackingOffload

In the case of performance issues, a support case should be opened in Nvidia portal, and it will be handled according to the support entitlement.

Best Regards,
Anatoly

kyoon · August 13, 2023, 11:49pm

Yes I will proceed through case open.
Thank you for your response.

system · August 27, 2023, 11:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.