firewall-controller icon indicating copy to clipboard operation
firewall-controller copied to clipboard
verified publisher icon metal-stack

Add a flowtable to speed up forwarding

Open majst01 opened this issue 2 years ago • 0 comments

references #157

According to: https://www.kernel.org/doc/html/latest/networking/nf_flowtable.html#layer-2-encapsulation we do not need to specify every interface, instead lan0/lan1 should be sufficient

Another Post: https://www.ubicloud.com/blog/improving-network-performance-with-linux-flowtables

TODO:

  • [ ] measure impact
  • [ ] check if this is better placed in the metal table, seems so, with priority 0
  • [ ] check if accounting and NAT still works
  • [x] fix tests
  • [ ] enable accounting e.g. sysctl -w net.netfilter.nf_conntrack_acct=1
  • [ ] check if accounting of external/internal traffic still works
    • [ ] Does not work anymore, requires a ebpf module for that

majst01 avatar Jun 25 '23 15:06 majst01