Thank you Joe!
> -----Original Message----- > From: Joe Stringer [mailto:[email protected]] > Sent: Wednesday, January 20, 2016 12:10 AM > To: Fischetti, Antonio > Cc: [email protected] > Subject: Re: [ovs-discuss] ConnTracker: any Performance figures? > > On 18 January 2016 at 02:40, Fischetti, Antonio > <[email protected]> wrote: > > Hi All, > > I'm having a look at the ConnTracker implementation, especially the > > one in user-space. > > Are there any performance figures for OVS and/or OVS-DPDK with this > > feature? Or any test results? > > I did some comparative-type testing between linux stack paths that use > connection tracking during NFWS last year: > http://workshop.netfilter.org/2015/wiki/index.php/Developer_slides > > This primarily looked at connections/second, comparing the baseline L2 > cps vs. linear firewall iteration vs. map-based approaches like ipsets > and OVS. This doesn't necessarily show the limits of performance of > the hardware or software though. In particular there were some /proc > tweaks that were missed out. Perhaps the main finds from that > investigation were that traditional linear-iteration approaches are > slow (eg iptables list of rules to filter traffic), and that if > someone were to work on conntrack performance then the improvements > would equally benefit all linux users of conntrack. No DPDK evaluation > was done at that time. _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
