[Cake] Pre-print of Cake paper available

Pete Heist pete at eventide.io
Tue Apr 24 03:15:20 EDT 2018

> On Apr 24, 2018, at 7:58 AM, Jonathan Morton <chromatix99 at gmail.com> wrote:
> Turning NAT support on by default might actually be reasonable, since it doesn't really break anything if it's not needed - it just eats a bit of CPU with unnecessary conntrack lookups.

I would be for it, if it eats say < 1% additional CPU, and preferably less. I expect the impact to increase with packet rates.

> For the flowmodes, basically triple-isolate's raison d'être is to be a reasonable default which (usually) gives most of the benefits of the "dual" modes, without needing to know a priori anything about network topology. In the most typical application, the distinction can be seen in whether the qdisc is attached to an IFB or a physical interface, but in deployments that we'd *like* to see, the opposite cases easily occur. To do anything more sophisticated, we'd need to watch some traffic and guess after a while, and that doesn't feel right.

Yeah, I see. The same could be done with nat. There could be an auto-detect phase where nat lookups are performed and not, to determine if it’s needed. But if these detections didn’t work with near-perfect reliability, it would complicate troubleshooting.

