[ovs-discuss] ConnTracker: any Performance figures?

Fischetti, Antonio antonio.fischetti at intel.com
Thu Jan 21 09:57:57 UTC 2016


Thank you Joe!

> -----Original Message-----
> From: Joe Stringer [mailto:joe at ovn.org]
> Sent: Wednesday, January 20, 2016 12:10 AM
> To: Fischetti, Antonio
> Cc: discuss at openvswitch.org
> Subject: Re: [ovs-discuss] ConnTracker: any Performance figures?
> 
> On 18 January 2016 at 02:40, Fischetti, Antonio
> <antonio.fischetti at intel.com> wrote:
> > Hi All,
> > I'm having a look at the ConnTracker implementation, especially the
> > one in user-space.
> > Are there any performance figures for OVS and/or OVS-DPDK with this
> > feature? Or any test results?
> 
> I did some comparative-type testing between linux stack paths that use
> connection tracking during NFWS last year:
> http://workshop.netfilter.org/2015/wiki/index.php/Developer_slides
> 
> This primarily looked at connections/second, comparing the baseline L2
> cps vs. linear firewall iteration vs. map-based approaches like ipsets
> and OVS. This doesn't necessarily show the limits of performance of
> the hardware or software though. In particular there were some /proc
> tweaks that were missed out. Perhaps the main finds from that
> investigation were that traditional linear-iteration approaches are
> slow (eg iptables list of rules to filter traffic), and that if
> someone were to work on conntrack performance then the improvements
> would equally benefit all linux users of conntrack. No DPDK evaluation
> was done at that time.


More information about the discuss mailing list