Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

policy: Optimize getNets() #26345

Merged
merged 1 commit into from Jun 21, 2023
Merged

policy: Optimize getNets() #26345

merged 1 commit into from Jun 21, 2023

Conversation

jrajahalme
Copy link
Member

getNets is used in DenyPreferredInsert for MapState. It is somewhat costly, and uses a cache to compute the result at most once for each MapStateEntry. Speed up the computation with two strategies:

  • skip looking for CIDR labels when the identity is not a local identity. This works due to CIDR identities always being locally allocated
  • skip allocating a slice when not needed, returning a nil map instead if the locally allocated identity has no CIDR labels

@jrajahalme
policy: Optimize getNets()
89f5555 
getNets is used in DenyPreferredInsert for MapState. It is somewhat
costly, and uses a cache to compute the result at most once for each
MapStateEntry. Speed up the computation with two strategies:

- skip looking for CIDR labels when the identity is not a local
  identity. This works due to CIDR identities always being locally
  allocated

- skip allocating a slice when not needed, returning a nil map instead if
  the locally allocated identity has no CIDR labels

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme jrajahalme added kind/enhancement This would improve or streamline existing functionality. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. release-note/misc This PR makes changes that have no direct user impact. labels Jun 19, 2023
@jrajahalme jrajahalme requested a review from a team as a code owner June 19, 2023 09:03
@jrajahalme
Copy link
Member Author

/test

aditighag
aditighag reviewed Jun 21, 2023
View reviewed changes
Copy link
Member

@aditighag aditighag left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have much context for Deny policies. /cc @nathanjsweet

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 21, 2023
@nathanjsweet nathanjsweet merged commit d9b9e65 into cilium:main Jun 21, 2023
63 checks passed
@joestringer joestringer mentioned this pull request Jun 28, 2023
Merged
@joamaki joamaki mentioned this pull request Sep 15, 2023
Merged
6 tasks
@joamaki joamaki mentioned this pull request Oct 5, 2023
Merged
5 tasks
@julianwiedmann julianwiedmann added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. labels Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aditighag aditighag aditighag left review comments

@nathanjsweet nathanjsweet nathanjsweet approved these changes

Assignees
No one assigned
Labels
backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/enhancement This would improve or streamline existing functionality. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jrajahalme @nathanjsweet @aditighag @julianwiedmann