Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use netip.Addr for FlowExporter #5532

Merged
merged 5 commits into from
Nov 1, 2023
Merged

Use netip.Addr for FlowExporter #5532

merged 5 commits into from
Nov 1, 2023

Conversation

antoninbas
Copy link
Contributor

Replace net.IP with netip.Addr in FlowExporter implementation

The net/netip package was introduced in Go 1.18. Compared to the
existing net.IP type, the netip.Addr type takes less memory (especially
for IPv6 addresses), is immutable, and is comparable so it supports ==
and can be used as a map key.

In our case, this means that the flowexporter.Connection type takes a
little less memory, and that the flowexporter.Tuple can be used directly
as the flowexporter.ConnectionKey (no need to generate a string for use
as the map key). Overall, this leads to higher performance (decreased
CPU and memory usage) for the FlowExporter.

There is potential for further improvement, as several key functions
take as parameters both the flowexporter.Connection and
flowexporter.ConnectionKey objects, which is no longer really required.

@antoninbas
Copy link
Contributor Author

Benchmark results:

CPU (ns/op) 

|                                    | net.IP    | netip.Addr | change |
| ---------------------------------- | --------- | ---------- | ------ |
| BenchmarkPoll-IPv4                 | 14206994  | 11121690   | -21.7% |
| BenchmarkPoll-IPv6                 | 16447742  | 10823494   | -34.2% |
| BenchmarkConnStore-IPv4            | 116750728 | 103335897  | -11.5% |
| BenchmarkConnStore-IPv6            | 121885558 | 109426883  | -10.2% |
| BenchmarkExportConntrackConns-IPv4 | 341007    | 282496     | -17.1% |
| BenchmarkExportConntrackConns-IPv6 | 355618    | 283956     | -20.2% |
| BenchmarkExportDenyConns-IPv4      | 336936    | 290783     | -13.7% |
| BenchmarkExportDenyConns-IPv6.     | 356949    | 290070     | -18.7% |

Memory (B/op) 

|                                    | net.IP    | netip.Addr | change |
| ---------------------------------- | --------- | ---------- | ------ |
| BenchmarkPoll-IPv4                 | 1330151   | 970550     | -27.0% |
| BenchmarkPoll-IPv6                 | 2056737   | 1034764    | -49.7% |
| BenchmarkConnStore-IPv4            | 20491862  | 17934887   | -12.5% |
| BenchmarkConnStore-IPv6            | 22041995  | 18814942   | -14.6% |
| BenchmarkExportConntrackConns-IPv4 | 38377     | 33077      | -13.8% |
| BenchmarkExportConntrackConns-IPv6 | 41242     | 35361      | -14.3% |
| BenchmarkExportDenyConns-IPv4      | 38035     | 32729      | -14.0% |
| BenchmarkExportDenyConns-IPv6.     | 40934     | 34732      | -15.2% |

Memory (allocs/op) 

|                                    | net.IP    | netip.Addr | change |
| ---------------------------------- | --------- | ---------- | ------ |
| BenchmarkPoll-IPv4                 | 58299     | 26144      | -55.0% |
| BenchmarkPoll-IPv6                 | 58294     | 26143      | -55.0% |
| BenchmarkConnStore-IPv4            | 272636    | 240475     | -11.8% |
| BenchmarkConnStore-IPv6            | 272634    | 240475     | -11.8% |
| BenchmarkExportConntrackConns-IPv4 | 407       | 348        | -14.5% |
| BenchmarkExportConntrackConns-IPv6 | 407       | 348        | -14.5% |
| BenchmarkExportDenyConns-IPv4      | 427       | 348        | -18.5% |
| BenchmarkExportDenyConns-IPv6.     | 427       | 348        | -18.5% |

@antoninbas antoninbas force-pushed the use-netip-for-flow-exporter branch 2 times, most recently from afb208b to 07a20f7 Compare September 28, 2023 00:42
@antoninbas
Copy link
Contributor Author

I'm putting this on hold. While the synthetic benchmarks look good, I think real-life usage won't show too much improvement, given that https://github.com/ti-mo/conntrack uses net.IP. I will open an issue to see if there is interest in switching to netip.Addr, but I am not sure the project is actively maintained.

@antoninbas antoninbas marked this pull request as draft September 28, 2023 01:06
yuntanghsu
yuntanghsu reviewed Sep 28, 2023
View reviewed changes
pkg/agent/flowexporter/connections/conntrack.go
@@ -26,15 +27,24 @@ import (

// InitializeConnTrackDumper initializes the ConnTrackDumper interface for different OS and datapath types.
func InitializeConnTrackDumper(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, ovsDatapathType ovsconfig.OVSDatapathType, isAntreaProxyEnabled bool) ConnTrackDumper {
var svcCIDRv4, svcCIDRv6 netip.Prefix
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think it is better to change svcCIDRv4/v6 in agent.go?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no need to. While I think that in the long term, we could replace all occurrences of net.IP with netip.Addr (and net.IPNet with netip.Prefix), it's better to do it incrementally with small PRs, starting with places providing the bigger benefits (in terms of performance). The configuration CIDRs for the Agent (podCIDR, svcCIDR) are individual values and don't account for any memory usage (while the FlowExporter connection store can potentially holds 1000s of IP addresses).

@antoninbas antoninbas marked this pull request as ready for review October 16, 2023 21:26
@antoninbas
Copy link
Contributor Author

@yuntanghsu I'm re-opening this for review. I worked with the maintainer from the conntrack library and it now uses netip.Addr instead of net.IP in the latest release.

@antoninbas antoninbas mentioned this pull request Oct 18, 2023
Closed
yuntanghsu
yuntanghsu previously approved these changes Oct 18, 2023
View reviewed changes
Copy link
Contributor

@yuntanghsu yuntanghsu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only one nit

pkg/agent/flowexporter/connections/conntrack_linux_test.go Outdated Show resolved Hide resolved
yuntanghsu
yuntanghsu previously approved these changes Oct 18, 2023
View reviewed changes
@antoninbas
Copy link
Contributor Author

/test-all

@antoninbas antoninbas added this to the Antrea v1.15 release milestone Oct 24, 2023
@antoninbas
Copy link
Contributor Author

@tnqn @heanlan reminder in case you want to take a look, now that v1.14 has been released
I plan to merge this some time this week if no further comments

@antoninbas
Improvements to FlowExporter benchmarks
9988722 
Also add BenchmarkConnStore, meant to measure memory usage of the
connection store (and all the connections).

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Replace net.IP with netip.Addr in FlowExporter implementation
332bdba 
The net/netip package was introduced in Go 1.18. Compared to the
existing net.IP type, the netip.Addr type takes less memory (especially
for IPv6 addresses), is immutable, and is comparable so it supports ==
and can be used as a map key.

In our case, this means that the flowexporter.Connection type takes a
little less memory, and that the flowexporter.Tuple can be used directly
as the flowexporter.ConnectionKey (no need to generate a string for use
as the map key). Overall, this leads to higher performance (decreased
CPU and memory usage) for the FlowExporter.

There is potential for further improvement, as several key functions
take as parameters both the flowexporter.Connection and
flowexporter.ConnectionKey objects, which is no longer really required.

See antrea-io#5271

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Bump up github.com/ti-mo/conntrack to v0.5
6fe8ec4 
This release uses netip.Addr instead of net.IP to represent connections.

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Use existing svcCIDR in TestConnTrackOvsAppCtl_DumpFlows
e030ce1 
Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Address review comments
eb02dae 
Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas antoninbas requested a review from tnqn November 1, 2023 00:31
tnqn
tnqn approved these changes Nov 1, 2023
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antoninbas
Copy link
Contributor Author

/test-all

@antoninbas antoninbas merged commit d8bce58 into antrea-io:main Nov 1, 2023
47 of 56 checks passed
@antoninbas antoninbas deleted the use-netip-for-flow-exporter branch November 1, 2023 19:48
@antoninbas antoninbas added the action/release-note Indicates a PR that should be included in release notes. label Nov 1, 2023
@antoninbas
Copy link
Contributor Author

I added the action/release-note label. I think it may be worth mentioning because this should decrease memory usage in the FlowExporter.

@antoninbas antoninbas mentioned this pull request Nov 1, 2023
Merged
@yuntanghsu yuntanghsu mentioned this pull request Jan 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heanlan heanlan heanlan left review comments

@tnqn tnqn tnqn approved these changes

@yuntanghsu yuntanghsu yuntanghsu left review comments

Assignees
No one assigned
Labels
action/release-note Indicates a PR that should be included in release notes.
Projects
None yet
Milestone
Antrea v1.15 release
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@antoninbas @tnqn @yuntanghsu @heanlan