authorKlement Sekera <ksekera@cisco.com>2020-07-27 12:21:54 +0000
committerOle Trøan <otroan@employees.org>2020-07-28 06:31:56 +0000
commit6977ed6cffbc43d39ef58da4fcbe1f719b4022ee (patch)
treeb84599878ea457eac4392b531ad2191b0908f617
parent9fefa89169d296bff41a815fbefed2b41b1a4bb8 (diff)
nat: limit resource consumption when out of ports
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I83f44711264376389989152666f3c71216146bdd
-rw-r--r--src/plugins/nat/in2out_ed.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 8eafb5ba7ed..4871e78ba52 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -34,6 +34,11 @@
#include <nat/nat44/ed_inlines.h>
#include <nat/lib/nat_inlines.h>
+/* number of attempts to get a port for ED overloading algorithm, if rolling
+ * a dice this many times doesn't produce a free port, it's treated
+ * as if there were no free ports available to conserve resources */
+#define ED_PORT_ALLOC_ATTEMPTS (10)
+
static char *nat_in2out_ed_error_strings[] = {
#define _(sym,string) string,
foreach_nat_in2out_ed_error
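Review bot: The comment on `ED_PORT_ALLOC_ATTEMPTS` does not state that allocation can now fail while free ports still exist, which is the operational consequence of capping the probes at 10. I would add a line such as `/* NOTE: failing after this many probes bounds per-packet work; it does not prove the port range is exhausted */`. The limit is also a compile-time constant, so the trade-off between lookup cost and allocation success cannot be tuned without a rebuild; if a runtime setting is out of scope for this change, the comment should say so.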
@@ -227,7 +232,7 @@ nat_ed_alloc_addr_and_port (snat_main_t * sm, u32 rx_fib_index,
port_offset = snat_random_port (0, port_per_thread - 1); \
port = port_thread_offset + port_offset; \
} \
- u16 attempts = port_per_thread; \
+ u16 attempts = ED_PORT_ALLOC_ATTEMPTS; \
do \
{ \
init_ed_kv (out2in_ed_kv, a->addr, clib_host_to_net_u16 (port), \
@@ -244,7 +249,7 @@ nat_ed_alloc_addr_and_port (snat_main_t * sm, u32 rx_fib_index,
*outside_port = clib_host_to_net_u16 (port); \
return 0; \
} \
- port_offset = (port_offset + 1) % port_per_thread; \
+ port_offset = snat_random_port (0, port_per_thread - 1); \
port = port_thread_offset + port_offset; \
--attempts; \
} \
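Review bot: Re-rolling with `snat_random_port (0, port_per_thread - 1)` on every miss samples with replacement, so the same offset can be probed more than once. The attempts set in the previous hunk (`u16 attempts = ED_PORT_ALLOC_ATTEMPTS;`) may therefore cover fewer than 10 distinct ports. Under port pressure the failure path is reached with free ports remaining, so whatever error or counter the caller raises on the non-zero return (not visible here) will presumably mix real exhaustion with unlucky probing. A dedicated counter for "probe attempts exhausted" would let operators tell sustained port pressure from a true out-of-ports condition. The macro body continues outside the hunk, so the loop condition and the failure return are not shown.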