[ovs-dev] [PATCH] RFC: Add support for connection tracking.
Justin Pettit
jpettit at nicira.com
Thu Oct 2 00:53:24 UTC 2014
On Wed, Sep 17, 2014 at 4:12 PM, Madhu Challa <challa at noironetworks.com>
wrote:
>
> I got a chance to try out your code with the example flows and measure raw
> packet throughput with and without connection tracking. The code works and
> the performance numbers look pretty good.
>
Sorry that I missed this message earlier. Thank you very much for trying
this out and getting some performance numbers!
> I ran two sets of tests both with 4 iptable rules in chain input and 8 in
> chain forward, all default rules coming from a docker installation. The
> setup is a ovs connected to two packet generators via two ports. I am using
> dpdk-pktgen.
>
I'm not sure I understand what you mean by using iptables rules and OVS. I
would have expected you just to be using OVS flows instead of iptables, but
maybe I misunderstand.
> In the first test I am sending random tcp 64 byte packets and the
> throughput difference is about 20% (5484/6819 Mbps)
>
Are these two rates representing no conntrack (6819) and with conntrack
(5484)?
> In the second test I let a connection get established and then hijack the
> connection via pktgen and send a spoofed packet from one end to the other.
> Here I see a throughput difference of 15%.
>
Why do you think the performance is better when hijacking the connection?
Is it that pktgen is detecting a slower rate when the caches are heating up
and never adjusts itself up?
Thanks again!
--Justin
More information about the dev
mailing list