On 18 January 2016 at 02:40, Fischetti, Antonio <[email protected]> wrote:
> Hi All,
> I'm having a look at the ConnTracker implementation, especially the
> one in user-space.
> Are there any performance figures for OVS and/or OVS-DPDK with this
> feature? Or any test results?

I did some comparative-type testing between Linux stack paths that use connection tracking during NFWS last year:
http://workshop.netfilter.org/2015/wiki/index.php/Developer_slides

This primarily looked at connections/second, comparing the baseline L2 cps vs. linear firewall iteration vs. map-based approaches like ipsets and OVS. This doesn't necessarily show the limits of performance of the hardware or software though. In particular there were some /proc tweaks that were missed out.

Perhaps the main finds from that investigation were that traditional linear-iteration approaches are slow (e.g. iptables list of rules to filter traffic), and that if someone were to work on conntrack performance then the improvements would equally benefit all Linux users of conntrack.

No DPDK evaluation was done at that time.
