diff options
| author | Doug Bryant <dougbryant@anthropic.com> | 2026-04-07 21:20:17 +0000 |
|---|---|---|
| committer | Brad Fitzpatrick <brad@danga.com> | 2026-04-07 16:03:15 -0700 |
| commit | 8df8e9cb6efb5e938714c4cd7aa38ceb59ad5ecd (patch) | |
| tree | 0a05d73b334ce86942379a8a57b477190a8a5039 | |
| parent | e689283ebdc8ea18f0631d97a2f8a00d722fe511 (diff) | |
| download | tailscale-8df8e9cb6efb5e938714c4cd7aa38ceb59ad5ecd.tar.xz tailscale-8df8e9cb6efb5e938714c4cd7aa38ceb59ad5ecd.zip | |
cmd/containerboot: rate-limit IPN bus netmap notifications
CPU profiling a containerboot subnet router on a large tailnet showed
roughly 40% of CPU spent in serveWatchIPNBus JSON-encoding the full
netmap on every update. containerboot only reads SelfNode fields from
those notifications (and does a peer lookup when TailnetTargetFQDN is
set), so it does not need every intermediate netmap delta.
Set ipn.NotifyRateLimit on all three WatchIPNBus calls so netmap
notifications are coalesced to one per 3s. Initial-state delivery is
unaffected since the rateLimitingBusSender flushes the first send
immediately.
Updates #cleanup
Signed-off-by: Doug Bryant <dougbryant@anthropic.com>
| -rw-r--r-- | cmd/containerboot/main.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/cmd/containerboot/main.go b/cmd/containerboot/main.go index 76c6e910a..55a4e8442 100644 --- a/cmd/containerboot/main.go +++ b/cmd/containerboot/main.go @@ -306,7 +306,7 @@ func run() error { } } - w, err := client.WatchIPNBus(bootCtx, ipn.NotifyInitialNetMap|ipn.NotifyInitialPrefs|ipn.NotifyInitialState|ipn.NotifyInitialHealthState) + w, err := client.WatchIPNBus(bootCtx, ipn.NotifyInitialNetMap|ipn.NotifyInitialPrefs|ipn.NotifyInitialState|ipn.NotifyInitialHealthState|ipn.NotifyRateLimit) if err != nil { return fmt.Errorf("failed to watch tailscaled for updates: %w", err) } @@ -346,7 +346,7 @@ func run() error { if err := tailscaleUp(bootCtx, cfg); err != nil { return fmt.Errorf("failed to auth tailscale: %w", err) } - w, err = client.WatchIPNBus(bootCtx, ipn.NotifyInitialNetMap|ipn.NotifyInitialState) + w, err = client.WatchIPNBus(bootCtx, ipn.NotifyInitialNetMap|ipn.NotifyInitialState|ipn.NotifyRateLimit) if err != nil { return fmt.Errorf("rewatching tailscaled for updates after auth: %w", err) } @@ -458,7 +458,7 @@ authLoop: } } - w, err = client.WatchIPNBus(ctx, ipn.NotifyInitialNetMap|ipn.NotifyInitialState) + w, err = client.WatchIPNBus(ctx, ipn.NotifyInitialNetMap|ipn.NotifyInitialState|ipn.NotifyRateLimit) if err != nil { return fmt.Errorf("rewatching tailscaled for updates after auth: %w", err) } |