-
Notifications
You must be signed in to change notification settings - Fork 229
Functional Block: SOL
The Solicitor (SOL) block is responsible for maintaining, rate limiting, and sending requests. Request packets are organized by priority and only permitted a fraction of the link capacity between Gatekeeper and Grantor, and it's up to the Solicitor block to enforce these constraints. It only runs when the Gatekeeper program is being run as a Gatekeeper server.
Gatekeeper uses multiple SOL instances to spread the load from GK blocks. The GK-to-SOL mapping will be done when Gatekeeper boots.
After a GK instance decides that a flow needs to request permission from Grantor to send to the destination, it enqueues the request packet in one Solicitor instance's mailbox associated with that GK instance. Each Solicitor instance repeatedly takes request packets from its mailbox and enqueues it into a priority queue to be sent to Grantor.
The priority queue is implemented as a length-limited linked list, providing constant time insertion, dequeuing of the highest priority request, and deletion of the lowest priority request when the queue is full.
After enqueueing a set of requests into the priority queue, each Solicitor instance dequeues requests to transmit to Grantor. Each SOL instance uses a token bucket algorithm to only utilize 5%/#sol instances of the link bandwidth for requests, so when under high usage (or an attack) it may not completely empty the priority queue at every iteration. Notice that all the SOL instances will utilize up to 5% of the link bandwidth for requests in aggregate.
To change the number of lcores assigned to the SOL block on each NUMA node (i.e. the number of SOL instances on each NUMA node), change the variable local n_sol_lcores_per_socket in lua/main_config.lua.
All other static configuration variables can be configured in lua/sol.lua.
These variables are likely to change from deployment-to-deployment based on the operator's preferences.
log_level
The log level for the SOL block. Can be set to any one of the following values: RTE_LOG_EMERG, RTE_LOG_ALERT, RTE_LOG_CRIT, RTE_LOG_ERR, RTE_LOG_WARNING, RTE_LOG_NOTICE, RTE_LOG_INFO, RTE_LOG_DEBUG.
Since we typically use RTE_LOG_ERROR as the most severe log condition, we recommend not to set this value below RTE_LOG_ERROR.
destination_bw_gbps; This option was introduced in Gatekeeper version 1.2.
This option informs Gatekeeper servers of the bandwidth capacity of the destination (or protected) network in Gbps. This information is used to calculate the bandwidth allocated to the request channel. The request channel includes all the packets sent to Grantor servers for policy decisions. For example, if Gatekeeper servers are installed in a 40Gbps network, and the destination network is 10Gbps, destination_bw_gbps must be set to 10.
It is not crucial to change these variables, and they only need to be changed to fine tune the performance of Gatekeeper. Otherwise, the default values are likely fine.
log_ratelimit_interval_ms
The interval at which logs are rate limited (in milliseconds). For a given interval, only log_ratelimit_burst log entries are permitted. The count of entries is reset for each new interval.
log_ratelimit_burst
The number of entries per interval allowed to be logged. When the number of log entries exceeds this limit in a given interval, the entries will be dropped.
pri_req_max_len
Maximum length of the priority queue for requests of each SOL instance. When the priority queue is full and an additional request is made, the lowest priority request will be dropped. If the new request is the lowest priority, then is dropped.
req_bw_rate
Percentage of the bandwidth of the destination network (see option destination_bw_gbps) to be allocated for the request channel. This option very likely should be left at its default of 5%. This option must be greater than zero and less than 1.
enq_burst_size & deq_burst_size
enq_burst_size is the maximum number of requests enqueued into each Solicitor instance's priority queue at one time. deq_burst_size is the maximum number of requests dequeued from the priority queue at once; it will be fewer for each iteration if there are not that many requests available in the queue or if the request channel bandwidth has been exhausted.
These variables likely only need to be changed under extreme circumstances or for deployment-specific reasons.
tb_rate_approx_err
The precision for the rational number approximation that represents the number of cycles per byte. This metric is used in the token bucket algorithm to maintain credits used toward the request channel's bandwidth. A reasonable value is 1e-7.
req_channel_bw_mbps
The bandwidth allocated to the request channel in megabits per second. This option is calculated by multiplying the options req_bw_rate and destination_bw_gbps, and adjusting the unit.