> This (along with ‘nat’) was part of an overall wish that ‘cake’ without any keywords would do the “right thing” by default as often as possible

Turning NAT support on by default might actually be reasonable, since it doesn't really break anything if it's not needed - it just eats a bit of CPU with unnecessary conntrack lookups.

For the flowmodes, basically triple-isolate's raison d'être is to be a reasonable default which (usually) gives most of the benefits of the "dual" modes, without needing to know a priori anything about network topology.  In the most typical application, the distinction can be seen in whether the qdisc is attached to an IFB or a physical interface, but in deployments that we'd *like* to see, the opposite cases easily occur.  To do anything more sophisticated, we'd need to watch some traffic and guess after a while, and that doesn't feel right.

 - Jonathan Morton
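The topology dependence described above, as an added example that is not part of the thread: a small POSIX sh helper that picks the cake flow-isolation keyword from what is known about where the LAN hosts sit, and prints the resulting `tc` line without running it. The interface names and rates are constructed placeholders; the keywords (`nat`, `triple-isolate`, `dual-srchost`, `dual-dsthost`) are tc-cake's own.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Choose a cake flow-isolation mode from the topology knowledge we have,
# and build the tc command as a string so it can be reviewed before use.

# cake_flowmode DIRECTION KNOWN
#   DIRECTION: egress | ingress   (relative to the LAN being shaped)
#   KNOWN:     yes | no           (do we know which side the LAN hosts are on?)
cake_flowmode() {
    case "$2" in
        yes)
            case "$1" in
                egress)  echo dual-srchost ;;   # LAN hosts are the sources
                ingress) echo dual-dsthost ;;   # LAN hosts are the destinations
                *)       return 1 ;;
            esac ;;
        *)
            # No a priori topology knowledge: triple-isolate is the safe default
            echo triple-isolate ;;
    esac
}

# cake_cmd IFACE DIRECTION KNOWN RATE
# Builds the 'tc qdisc replace' line. 'nat' is always enabled: when no
# translation applies it only costs an extra conntrack lookup per packet.
cake_cmd() {
    mode=$(cake_flowmode "$2" "$3") || return 1
    echo "tc qdisc replace dev $1 root cake bandwidth $4 nat $mode"
}

# Constructed home-router layout: eth0 is the WAN port, ifb0 carries the
# redirected ingress traffic. Topology is known, so the dual modes apply.
cake_cmd eth0 egress  yes 20mbit
cake_cmd ifb0 ingress yes 100mbit
# Same box when we cannot say which side the hosts are on:
cake_cmd eth0 egress  no  20mbit
```

Run as root only after checking the printed lines; the example itself never touches the qdisc.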

