North American Network Operators Group
Re: Software router state of the art
>> It keeps track of Src/Dst/QoS/Ethernet adapters/etc. Additionally most
>> systems have the iptables modules loaded in kernel and the conntrack
>> module in kernel. This immediately activates connection tracking,
>> therefore considerably slowing down software routing. The most optimal
>> way of speeding this up would be sticking the route cache into somewhat
>> faster memory. Though it would be fairly nice to get rid of the route
>> cache as that can cause problems with eccentric setups. Also, as cache
>> entries take a moment to be deleted, or degrade, leading to convergence
>> times being higher.
>
> Note .. to .. self .. Linux .. makes .. crappy .. router. Got it.
>
> Guess we'll continue to use FreeBSD, and the lesson to come away with
> is that it probably pays to avoid technologies that are suboptimal
> for the task at hand. Not everything is created equal. It also pays
> to tune things. If "conntrack" hurts, then remove it.

You can use Linux without conntrack. You can either do "rmmod ip_conntrack" (unload the module), rm /var/lib/modules/ip_conntrack (or something like that to erase the file), or use the RAW queue to forward some packets without connection tracking (-j NOTRACK) and some others with conntrack (proxy redirection, captive portals and things like that require stateful forwarding on any platform).

I would be more worried about the prefix match and route cache done by the operating system you are considering for use as a router. That cannot be circumvented by turning off conntrack, pf or anything else that might do more with the packet than plain simple routing.

Rubens
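The split Rubens describes, transit traffic forwarded without connection tracking while a captive-portal subnet keeps conntrack so its REDIRECT still works, as an added example that is not part of the original post. It generates an iptables-restore ruleset rather than issuing rules one by one, so the raw/nat/filter tables are replaced atomically. The interface names (eth0 WAN, eth1 LAN), the 10.10.0.0/24 stateful subnet and the proxy port 3128 are assumptions for illustration. The raw-table target is still accepted as NOTRACK by current iptables (it is an alias for CT --notrack).

```shell
#!/bin/sh
# Added example (not from the NANOG post): bypass conntrack for transit
# traffic, keep it only for the subnet that needs nat REDIRECT.
# Assumed names: WAN eth0, LAN eth1, stateful subnet 10.10.0.0/24, proxy :3128.

WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
STATEFUL_NET="${STATEFUL_NET:-10.10.0.0/24}"   # clients behind the captive portal
PROXY_PORT="${PROXY_PORT:-3128}"

# Emit an iptables-restore ruleset. Ordering inside raw/PREROUTING matters:
# NOTRACK is terminating and untracked packets never reach the nat table, so
# the RETURN rules for the stateful subnet must precede the catch-all NOTRACK.
gen_rules() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Captive-portal subnet keeps conntrack in both directions (REDIRECT needs it).
-A PREROUTING -i ${LAN} -s ${STATEFUL_NET} -j RETURN
-A PREROUTING -i ${WAN} -d ${STATEFUL_NET} -j RETURN
# Everything else transiting the box skips connection tracking entirely.
-A PREROUTING -i ${LAN} -j NOTRACK
-A PREROUTING -i ${WAN} -j NOTRACK
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ${LAN} -s ${STATEFUL_NET} -p tcp --dport 80 -j REDIRECT --to-ports ${PROXY_PORT}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Untracked packets are ctstate UNTRACKED, never NEW/ESTABLISHED: forward them statelessly.
-A FORWARD -m conntrack --ctstate UNTRACKED -j ACCEPT
# The stateful subnet gets ordinary stateful forwarding.
-A FORWARD -s ${STATEFUL_NET} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d ${STATEFUL_NET} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Number of NOTRACK rules in the generated set (one per interface).
notrack_rule_count() {
    gen_rules | grep -c -- '-j NOTRACK'
}

# Guard against the ordering mistake: a RETURN appearing after the first
# NOTRACK in raw/PREROUTING would leave the stateful subnet untracked and
# silently break the REDIRECT. Exit 0 when the order is correct.
check_order() {
    gen_rules | awk '
        /^-A PREROUTING .* -j NOTRACK/ { seen_notrack = 1 }
        /^-A PREROUTING .* -j RETURN/ && seen_notrack { bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Is a conntrack module resident? Reads /proc/modules, so no root needed.
# Note: rmmod fails while nat or the conntrack match still hold a reference.
conntrack_loaded() {
    grep -Eq '^(nf_conntrack|ip_conntrack) ' /proc/modules 2>/dev/null
}

if conntrack_loaded; then
    echo "# conntrack module loaded; current entries:" \
         "$(cat /proc/sys/net/netfilter/nf_conntrack_count 2>/dev/null || echo '?')"
else
    echo "# no conntrack module resident (or /proc/modules unavailable)"
fi

case "${1:-}" in
    --apply) gen_rules | iptables-restore ;;   # needs root; atomic table replace
    *)       gen_rules ;;                      # default: dry run, print the ruleset
esac
```

Run it without arguments to review the ruleset, then with --apply as root. To confirm the bypass is doing what the post describes, watch the packet counters on the NOTRACK rules with iptables -t raw -L PREROUTING -v -n and check that /proc/sys/net/netfilter/nf_conntrack_count only grows with traffic from the stateful subnet.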