3.2.27. fast-path¶
Fast path configuration.
vrouter running config# system fast-path
enabled¶
Enable or disable the fast path.
vrouter running config# system fast-path
vrouter running fast-path# enabled true|false
- Default value
true
port¶
A physical network port managed by the fast path.
vrouter running config# system fast-path
vrouter running fast-path# port <leafref>
core-mask¶
Dedicate cores to fast path or exception path.
vrouter running config# system fast-path core-mask
fast-path¶
List of cores dedicated to fast path.
vrouter running config# system fast-path core-mask
vrouter running core-mask# fast-path FAST-PATH
|
Description |
---|---|
max |
Dedicate the maximum number of cores to the fast path. |
half |
Dedicate half of the cores to the fast path. |
min |
Dedicate the minimum number of cores to the fast path. |
<cores-list> |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
exception¶
Control plane cores allocated to exception packets processing. If unset, use the first non fast path core.
vrouter running config# system fast-path core-mask
vrouter running core-mask# exception EXCEPTION
EXCEPTION |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
linux-to-fp¶
Fast path cores that can receive packets from Linux. It must be included in fast path mask. If unset, all fast path cores can receive packets from Linux.
vrouter running config# system fast-path core-mask
vrouter running core-mask# linux-to-fp LINUX-TO-FP
LINUX-TO-FP |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
qos¶
Fast path cores dedicated for qos schedulers. These cores do not received any packets from the NIC or Linux.
vrouter running config# system fast-path core-mask
vrouter running core-mask# qos QOS
QOS |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
port¶
Map fast path cores with network ports, specifying which logical cores poll which ports. Example: ‘c1=0:1/c2=2/c3=0:1:2’ means the logical core 1 polls the port 0 and 1, the core 2 polls the port 2, and the core 3 polls the ports 0, 1, and 2. If unset, each port is polled by all the logical cores of the same socket.
vrouter running config# system fast-path core-mask
vrouter running core-mask# port <core-port-map>
cp-protection¶
Control plane protection configuration.
vrouter running config# system fast-path cp-protection
budget¶
Maximum CPU usage allowed for Control Plane Protection in percent.
vrouter running config# system fast-path cp-protection
vrouter running cp-protection# budget <int16>
- Default value
10
crypto¶
Fast path crypto configuration.
vrouter running config# system fast-path crypto
driver¶
Crypto driver. If unset, select automatically.
vrouter running config# system fast-path crypto
vrouter running crypto# driver DRIVER
|
Description |
---|---|
multibuffer |
Intel multibuffer library. |
quickassist |
Intel quickassist. |
dpdk-pmd |
DPDK crypto PMD. |
octeontxcpt |
Marvell Octeon TX. |
offload-core-mask¶
Fast path cores that can do crypto operations for other fast path cores. It must be included in fast path mask. The crypto offloading is always done on cores in the same NUMA node.
vrouter running config# system fast-path crypto
vrouter running crypto# offload-core-mask OFFLOAD-CORE-MASK
OFFLOAD-CORE-MASK |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
nb-session¶
Maximum number of cryptographic sessions.
vrouter running config# system fast-path crypto
vrouter running crypto# nb-session <uint32>
nb-buffer¶
Maximum number of cryptographic buffers, representing the maximum number of in-flight operations, either being processed by the asynchronous crypto engine, or waiting in crypto device queues.
vrouter running config# system fast-path crypto
vrouter running crypto# nb-buffer <uint32>
advanced¶
Advanced configuration for fast path.
vrouter running config# system fast-path advanced
nb-mbuf¶
Number of mbufs (network packet descriptors). The value can be an integer representing the total number of mbufs, an integer prefixed with ‘+’ representing the number of mbufs to add to the automatic value. In case of NUMA, the value can be a per-socket list. If unset, nb-mbuf is determined automatically.
vrouter running config# system fast-path advanced
vrouter running advanced# nb-mbuf <nb-mbuf>
mainloop-sleep-delay¶
If set, add a sleep time after each idle mainloop turn. This will drastically decrease performance.
vrouter running config# system fast-path advanced
vrouter running advanced# mainloop-sleep-delay <uint16>
offload¶
Enable or disabled advanced offload features such as TSO, L4 checksum offloading, or offload information forwarding from a guest to the NIC through a virtual interface. If unset, use default product configuration.
vrouter running config# system fast-path advanced
vrouter running advanced# offload true|false
vlan-strip¶
Strip the VLAN header from incoming frames if supported by the hardware. By default, vlan stripping feature is disabled.
vrouter running config# system fast-path advanced
vrouter running advanced# vlan-strip true|false
intercore-ring-size¶
Set the size of the intercore rings, used by dataplane cores to send messages to another dataplane core. The default size depends on the product.
vrouter running config# system fast-path advanced
vrouter running advanced# intercore-ring-size <uint16>
software-txq¶
Set the default size of Tx software queue. This field must be a power of 2. Default is 0 (no software queue).
vrouter running config# system fast-path advanced
vrouter running advanced# software-txq <uint16>
nb-rxd¶
Set the default number of Rx hardware descriptors for Ethernet ports. The value must be accepted by all devices on the system. If unset, an automatic value is used.
vrouter running config# system fast-path advanced
vrouter running advanced# nb-rxd <uint16>
nb-txd¶
Set the default number of Tx hardware descriptors for Ethernet ports. The value must be accepted by all devices on the system. If unset, an automatic value is used.
vrouter running config# system fast-path advanced
vrouter running advanced# nb-txd <uint16>
limits¶
Global runtime limits for fast path.
vrouter running config# system fast-path limits
fp-max-if¶
Maximum number of interfaces. It includes physical ports and virtual interfaces like gre, vlan, …
vrouter running config# system fast-path limits
vrouter running limits# fp-max-if <uint32>
fp-max-vrf¶
Maximum number of VRFs.
vrouter running config# system fast-path limits
vrouter running limits# fp-max-vrf <uint32>
ip4-max-addr¶
Maximum number of IPv4 addresses.
vrouter running config# system fast-path limits
vrouter running limits# ip4-max-addr <uint32>
ip4-max-route¶
Maximum number of IPv4 routes.
vrouter running config# system fast-path limits
vrouter running limits# ip4-max-route <uint32>
ip4-max-neigh¶
Maximum number of IPv4 neighbors.
vrouter running config# system fast-path limits
vrouter running limits# ip4-max-neigh <uint32>
ip6-max-addr¶
Maximum number of IPv6 addresses.
vrouter running config# system fast-path limits
vrouter running limits# ip6-max-addr <uint32>
ip6-max-route¶
Maximum number of IPv6 routes.
vrouter running config# system fast-path limits
vrouter running limits# ip6-max-route <uint32>
ip6-max-neigh¶
Maximum number of IPv6 neighbors.
vrouter running config# system fast-path limits
vrouter running limits# ip6-max-neigh <uint32>
pbr-max-rule¶
Maximum number of PBR rules.
vrouter running config# system fast-path limits
vrouter running limits# pbr-max-rule <uint32>
filter4-max-rule¶
Maximum number of IPv4 Netfilter rules.
vrouter running config# system fast-path limits
vrouter running limits# filter4-max-rule <uint32>
filter6-max-rule¶
Maximum number of IPv6 Netfilter rules.
vrouter running config# system fast-path limits
vrouter running limits# filter6-max-rule <uint32>
filter4-max-ct¶
Maximum number of IPv4 Netfilter conntracks.
vrouter running config# system fast-path limits
vrouter running limits# filter4-max-ct <uint32>
filter6-max-ct¶
Maximum number of IPv6 Netfilter conntracks.
vrouter running config# system fast-path limits
vrouter running limits# filter6-max-ct <uint32>
filter-max-ipset¶
Maximum number of ipsets per VRF.
vrouter running config# system fast-path limits
vrouter running limits# filter-max-ipset <uint32>
filter-max-ipset-entry¶
Maximum number of entries per ipset.
vrouter running config# system fast-path limits
vrouter running limits# filter-max-ipset-entry <uint32>
filter-bridge-max-rule¶
Maximum number of bridge filter rules.
vrouter running config# system fast-path limits
vrouter running limits# filter-bridge-max-rule <uint32>
vxlan-max-port¶
Maximum number of (VXLAN destination port, VRF) pairs.
vrouter running config# system fast-path limits
vrouter running limits# vxlan-max-port <uint32>
vxlan-max-if¶
Maximum number of VXLAN interfaces.
vrouter running config# system fast-path limits
vrouter running limits# vxlan-max-if <uint32>
vxlan-max-fdb¶
Maximum number of VXLAN forwarding database entries.
vrouter running config# system fast-path limits
vrouter running limits# vxlan-max-fdb <uint32>
reass4-max-queue¶
Maximum number of simultaneous reassembly procedures for IPv4.
vrouter running config# system fast-path limits
vrouter running limits# reass4-max-queue <uint32>
reass6-max-queue¶
Maximum number of simultaneous reassembly procedures for IPv6.
vrouter running config# system fast-path limits
vrouter running limits# reass6-max-queue <uint32>
ipsec-max-sp¶
Maximum number of IPv4 and IPv6 IPsec SPs.
vrouter running config# system fast-path limits
vrouter running limits# ipsec-max-sp <uint32>
ipsec-max-sa¶
Maximum number of IPv4 and IPv6 IPsec SAs.
vrouter running config# system fast-path limits
vrouter running limits# ipsec-max-sa <uint32>
ip-max-8-table¶
Maximum number of IPv4 and IPv6 /8 table entries.
vrouter running config# system fast-path limits
vrouter running limits# ip-max-8-table <uint32>
filter-max-cache¶
Maximum number of IPv4 flows stored in filter cache.
vrouter running config# system fast-path limits
vrouter running limits# filter-max-cache <uint32>
filter6-max-cache¶
Maximum number of IPv6 flows stored in filter cache.
vrouter running config# system fast-path limits
vrouter running limits# filter6-max-cache <uint32>
vlan-max-if¶
Maximum number of VLAN interfaces.
vrouter running config# system fast-path limits
vrouter running limits# vlan-max-if <uint32>
macvlan-max-if¶
Maximum number of MACVLAN (VRRP) interfaces.
vrouter running config# system fast-path limits
vrouter running limits# macvlan-max-if <uint32>
gre-max-if¶
Maximum number of GRE interfaces.
vrouter running config# system fast-path limits
vrouter running limits# gre-max-if <uint32>
svti-max-if¶
Maximum number of SVTI interfaces.
vrouter running config# system fast-path limits
vrouter running limits# svti-max-if <uint32>
linux-sync¶
Advanced tuning for fast path / Linux synchronization.
vrouter running config# system fast-path linux-sync
fpm-socket-size¶
Buffer size of the socket used to communicate between the cache manager and the fast path manager.
vrouter running config# system fast-path linux-sync
vrouter running linux-sync# fpm-socket-size <uint32>
- Default value
2097152
nl-socket-size¶
Buffer size of the cache manager netlink socket.
vrouter running config# system fast-path linux-sync
vrouter running linux-sync# nl-socket-size <uint32>
- Default value
67108864
disable¶
Disable synchronization for specific modules.
vrouter running config# system fast-path linux-sync
vrouter running linux-sync# disable DISABLE
|
Description |
---|---|
bpf |
Disable BPF synchronization (used by traffic capture). |
bridge |
Disable bridge interface synchronization. |
conntrack |
Disable connection tracking synchronization. |
firewall |
Disable firewall synchronization. |
gre |
Disable GRE interface synchronization. |
ipip |
Disable IP in IP interface synchronization. |
ipsec |
Disable IPsec synchronization. |
ipset4 |
Disable IPv4 ipset synchronization (used by firewall IPv4 address/network groups). |
ipset6 |
Disable IPv6 ipset synchronization (used by firewall IPv6 address/network groups). |
ipv6 |
Disable IPv6 synchronization. |
lag |
Disable LAG interface synchronization. |
macvlan |
Disable MACVLAN interface synchronization (used by VRRP). |
mpls |
Disable MPLS synchronization. |
nat |
Disable NAT synchronization. |
svti |
Disable SVTI interface synchronization. |
vlan |
Disable VLAN interface synchronization. |
vxlan |
Disable VXLAN interface synchronization. |