On 9/14/16 9:14 AM, Vincent Bernat wrote: > I could just give more time to VRF. I also had some concerns over > performance with the way Netfilter integration is done, but I understand > that I could just stay away from POSTROUTING rules which is the only > hook executed twice? >
With the changes that were committed this past weekend, the VRF code is now setup where I can set a flag on a per VRF basis to disable the extra rx and tx processing - ie., no network taps, no netfilter, no qdisc, etc. Drops the overhead of VRF to ~3% maybe a bit less. I need to think about the user api a bit more and formalize the patch. Given my other commitments that probably won't happen until mid-October. But in terms of a building block, the overhead of VRF is continuing to drop.
