datapath/neighbor: Add ratelimit to desired neighbor calculation by dylandreimerink · Pull Request #43928 · cilium/cilium

dylandreimerink · 2026-01-22T12:52:31Z

During investigation of a memory leak in v1.18, one of the pprof profiles showed a high amount of memory usage in
netlink/nl.(*NetlinkSocket).Receive.

#41623 (comment)

This is most likely due to a lack of rate limiting in the desired neighbor calculation which does a lot of netlink requests to get next hops.

So this PR limits desired neighbor calculation to once every 15 seconds. In the worst case scenario where the default gateway changes, XDP might not be able to forward traffic for up to 15 seconds. Such a scenario should only happen when configuration changes are made or when the network topology changes, and thus this seems an acceptable tradeoff.

Add rate limiting to neighbor reconciler to reduce CPU usage and memory churn

dylandreimerink · 2026-01-22T14:05:27Z

/test

dylandreimerink · 2026-01-29T13:26:33Z

/test

dylandreimerink · 2026-02-04T09:41:24Z

/test

dylandreimerink · 2026-02-18T14:29:08Z

@cilium/sig-datapath any chance of getting a review 👋 ?

smagnani96

Code changes LGTM.
Left a comment on the interval: if you're seeking a feedback on the specific amount chosen (15sec), I'd ask you to pull in other reviewers.

pkg/datapath/neighbor/desired_neighbor_calculator.go

joestringer · 2026-02-18T23:31:31Z

@ldelossa do you have bandwidth to help with @cilium/sig-datapath reviews? If not, you might consider either marking your profile as "busy" on GitHub or (temporarily) stepping out of the team until you have the bandwidth.

pkg/datapath/neighbor/desired_neighbor_calculator.go

joestringer

Some nuances and nits discussed above, but I'll leave it up to you if any of the ideas discussed in the threads are useful to integrate (either in this PR or a subsequent one).

ldelossa

LGTM, sorry for delay.

joestringer · 2026-03-03T20:44:25Z

(Ready but deferring to @dylandreimerink to resolve comments and apply the PR)

dylandreimerink · 2026-03-06T11:02:13Z

/test

dylandreimerink · 2026-03-06T11:05:20Z

/test

During investigation of a memory leak in v1.18, one of the pprof profiles showed a high amount of memory usage in `netlink/nl.(*NetlinkSocket).Receive`. cilium#41623 (comment) This is most likely due to a lack of rate limiting in the desired neighbor calculation which does a lot of netlink requests to get next hops. So this commit limits desired neighbor calculation to once every 15 seconds. In the worst case scenario where the default gateway changes, XDP might not be able to forward traffic for up to 15 seconds. Such a scenario should only happen when configuration changes are made or when the network topology changes, and thus this seems an acceptable tradeoff. Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>

dylandreimerink · 2026-03-06T13:10:44Z

/test

dylandreimerink requested a review from a team as a code owner January 22, 2026 12:52

dylandreimerink requested a review from ldelossa January 22, 2026 12:52

dylandreimerink added kind/enhancement This would improve or streamline existing functionality. release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Jan 22, 2026

dylandreimerink force-pushed the feature/ratelimit-neighbor-reconciliation branch from 008c660 to 7babedf Compare January 29, 2026 12:49

aanm enabled auto-merge February 2, 2026 14:42

dylandreimerink force-pushed the feature/ratelimit-neighbor-reconciliation branch from 7babedf to 565ca3d Compare February 4, 2026 09:41

smagnani96 approved these changes Feb 18, 2026

View reviewed changes

pkg/datapath/neighbor/desired_neighbor_calculator.go Outdated Show resolved Hide resolved

joestringer reviewed Feb 18, 2026

View reviewed changes

pkg/datapath/neighbor/desired_neighbor_calculator.go Outdated Show resolved Hide resolved

pkg/datapath/neighbor/desired_neighbor_calculator.go Outdated Show resolved Hide resolved

pkg/datapath/neighbor/desired_neighbor_calculator.go Outdated Show resolved Hide resolved

joestringer approved these changes Feb 19, 2026

View reviewed changes

joamaki approved these changes Mar 3, 2026

View reviewed changes

ldelossa approved these changes Mar 3, 2026

View reviewed changes

maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Mar 3, 2026

joestringer removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 3, 2026

dylandreimerink force-pushed the feature/ratelimit-neighbor-reconciliation branch 2 times, most recently from a2839e2 to 076a22d Compare March 6, 2026 10:56

dylandreimerink force-pushed the feature/ratelimit-neighbor-reconciliation branch from 076a22d to 97d1773 Compare March 6, 2026 11:05

dylandreimerink requested a review from a team as a code owner March 6, 2026 11:05

dylandreimerink requested a review from brlbil March 6, 2026 11:05

brlbil approved these changes Mar 6, 2026

View reviewed changes

dylandreimerink force-pushed the feature/ratelimit-neighbor-reconciliation branch from 97d1773 to b32a781 Compare March 6, 2026 12:13

dylandreimerink requested a review from a team as a code owner March 6, 2026 12:13

dylandreimerink requested a review from rastislavs March 6, 2026 12:13

rastislavs approved these changes Mar 6, 2026

View reviewed changes

aanm added this pull request to the merge queue Mar 6, 2026

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 6, 2026

Merged via the queue into cilium:main with commit f38aa1b Mar 6, 2026
83 of 85 checks passed

tommyp1ckles mentioned this pull request Mar 9, 2026

v1.19 Backports 2026-03-09 #44699

Merged

7 tasks

tommyp1ckles added backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. and removed needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Mar 9, 2026

github-actions bot added backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. and removed backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. labels Mar 12, 2026

Conversation

dylandreimerink commented Jan 22, 2026

Uh oh!

dylandreimerink commented Jan 22, 2026

Uh oh!

dylandreimerink commented Jan 29, 2026

Uh oh!

dylandreimerink commented Feb 4, 2026

Uh oh!

dylandreimerink commented Feb 18, 2026

Uh oh!

smagnani96 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

joestringer commented Feb 18, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

joestringer left a comment

Choose a reason for hiding this comment

Uh oh!

ldelossa left a comment

Choose a reason for hiding this comment

Uh oh!

joestringer commented Mar 3, 2026

Uh oh!

dylandreimerink commented Mar 6, 2026

Uh oh!

dylandreimerink commented Mar 6, 2026

Uh oh!

dylandreimerink commented Mar 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants