[ovs-dev] [PATCH] RFC: Add support for connection tracking.

[Madhu Challa]

On Wed, Oct 1, 2014 at 5:53 PM, Justin Pettit <jpettit at nicira.com> wrote:

> On Wed, Sep 17, 2014 at 4:12 PM, Madhu Challa <challa at noironetworks.com>
> wrote:
>
>>
>> I got a chance to try out your code with the example flows and measure
>> raw packet throughput with and without connection tracking. The code works
>> and the performance numbers look pretty good.
>>
>
> Sorry that I missed this message earlier.  Thank you very much for trying
> this out and getting some performance numbers!
>

You are very welcome.

>
>
>> I ran two sets of tests both with 4 iptable rules in chain input and 8 in
>> chain forward, all default rules coming from a docker installation. The
>> setup is a ovs connected to two packet generators via two ports. I am using
>> dpdk-pktgen.
>>
>
> I'm not sure I understand what you mean by using iptables rules and OVS.
> I would have expected you just to be using OVS flows instead of iptables,
> but maybe I misunderstand.
>

I had some ip tables rules that would need conntrack and I was not sure if
it would affect the performance numbers. I had rechecked and looks like it
does not. sorry about the confusion.

>
>
>> In the first test I am sending random tcp 64 byte packets and the
>> throughput difference is about 20% (5484/6819 Mbps)
>>
>
> Are these two rates representing no conntrack (6819) and with conntrack
> (5484)?
>

yes.

>
>
>> In the second test I let a connection get established and then hijack the
>> connection via pktgen and send a spoofed packet from one end to the other.
>> Here I see a throughput difference of 15%.
>>
>
> Why do you think the performance is better when hijacking the connection?
> Is it that pktgen is detecting a slower rate when the caches are heating up
> and never adjusts itself up?
>

I think its because the retransmitted data packets were slightly bigger in
size.

Thanks.

>
> Thanks again!
>
> --Justin
>
>
>