From: CGEL <cgel.zte@gmail•com>
To: David Ahern <dsahern@kernel•org>
Cc: davem@davemloft•net, kuba@kernel•org, yoshfuji@linux-ipv6•org,
netdev@vger•kernel.org, linl@vger•kernel.org,
xu.xin16@zte•com.cn
Subject: Re: [PATCH v2 0/3] Namespaceify two sysctls related with route
Date: Tue, 30 Aug 2022 09:59:51 +0000 [thread overview]
Message-ID: <630ddf99.170a0220.f0a66.bd54@mx.google.com> (raw)
In-Reply-To: <0c540a69-f7a4-dc71-c540-6e0785b2b5c9@kernel.org>
On Thu, Aug 25, 2022 at 08:27:04AM -0700, David Ahern wrote:
> On 8/23/22 7:00 PM, cgel.zte@gmail•com wrote:
> > From: xu xin <xu.xin16@zte•com.cn>
> >
> > With the rise of cloud native, more and more container applications are
> > deployed. The network namespace is one of the foundations of the container.
> > The sysctls of error_cost and error_burst are important knobs to control
> > the sending frequency of ICMP_DEST_UNREACH packet for ipv4. When different
> > containers has requirements on the tuning of error_cost and error_burst,
> > for host's security, the sysctls should exist per network namespace.
> >
> > Different netns has different requirements on the setting of error_cost
> > and error_burst, which are related with limiting the frequency of sending
> > ICMP_DEST_UNREACH packets. Enable them to be configured per netns.
> >
> >
>
> you did not respond to the IPv6 question Jakub asked.
>
> I think it is legacy for IPv4 since it pre-dates the move to git and
> just never added to IPv6. But, if it is important enough for this to
> move to per container then it should be important enough to add for IPv6
> too.
Probably yes, but however, there are still many applications using the
legacies for IPv4. Maybe it's not that important for IPv6 that have never
used it, but from the perspective of container's compatibility to host,
it is better to move to per container.
prev parent reply other threads:[~2022-08-30 10:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-24 2:00 [PATCH v2 0/3] Namespaceify two sysctls related with route cgel.zte
2022-08-24 2:03 ` [PATCH v2 1/3] ipv4: Namespaceify route/error_cost knob cgel.zte
2022-08-25 15:23 ` David Ahern
2022-08-25 15:24 ` David Ahern
2022-08-30 9:47 ` CGEL
2022-08-24 2:04 ` [PATCH v2 2/3] ipv4: Namespaceify route/error_burst knob cgel.zte
2022-08-24 2:08 ` [PATCH v2 3/3] ipv4: add documentation of two sysctls about icmp cgel.zte
2022-08-25 15:27 ` [PATCH v2 0/3] Namespaceify two sysctls related with route David Ahern
2022-08-30 9:59 ` CGEL [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=630ddf99.170a0220.f0a66.bd54@mx.google.com \
--to=cgel.zte@gmail$(echo .)com \
--cc=davem@davemloft$(echo .)net \
--cc=dsahern@kernel$(echo .)org \
--cc=kuba@kernel$(echo .)org \
--cc=linl@vger$(echo .)kernel.org \
--cc=netdev@vger$(echo .)kernel.org \
--cc=xu.xin16@zte$(echo .)com.cn \
--cc=yoshfuji@linux-ipv6$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox