ofproto: Drop flows from datapath more quickly under heavy load.
In normal operation it makes sense to keep track of all of the flows that
have been seen recently and to cache all of them in the kernel. Under
unusual conditions, such as those caused by network scanning tools or by an
actual targeted DoS attack against the vswitch, the number of flows can
explode to extremely high numbers (hundreds of thousands or more). In such
a situation the vswitch needs to guard against memory exhaustion by
expiring flows more quickly and more often. This commit implements an
inexpensive technique for determining which flows should be dropped in such
a situation.
projects / openvswitch / commit