There has been some discussion lately about network namespaces and the interaction with sysfs. With the introduction of Guenter's ipcgroup patches, there was also the question of how feasible it is to create thousands of network namespaces. So, I decided to see if I could even create thousands of veth pairs, and if so move them into thousands of network namespaces. I was pleased to see that the system didn't fall over, but found that the process slowed significantly with higher numbers if sysfs was enabled. I thought it would be prudent to post some numbers. I first tested creating 1000 and 2500 veth pairs, attaching one side to a bridge with and without sysfs. Next I created 2500 network namespaces, along with 2500 veth pairs. One side of each pair was attached to a bridge and the other was moved into the namespace. The results are: 1000 veth pairs: 8x slower with CONFIG_SYSFS 2500 veth pairs 4.5x slower 2500 netns, veth pairs: 6x slower The tests were done with hal disabled, attaching every third veth device to a different bridge (to overcome the limit of 1023 taps per bridge). -- Dan Smith IBM Linux Technology Center email: danms@xxxxxxxxxx _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
