[Cake] Pre-print of Cake paper available
Toke Høiland-Jørgensen
toke at toke.dk
Wed Apr 25 16:28:25 EDT 2018
David Lang <david at lang.hm> writes:
> On Tue, 24 Apr 2018, Toke Høiland-Jørgensen wrote:
>
>> Pete Heist <pete at eventide.io> writes:
>>
>>>> On Apr 24, 2018, at 7:58 AM, Jonathan Morton <chromatix99 at gmail.com> wrote:
>>>>
>>>> Turning NAT support on by default might actually be reasonable, since
>>>> it doesn't really break anything if it's not needed - it just eats a
>>>> bit of CPU with unnecessary conntrack lookups.
>>>
>>> I would be for it, if it eats say < 1% additional CPU, and preferably
>>> less. I expect the impact to increase with packet rates.
>>
>> I'm a bit worried that the way it is implemented now, if we turn it on
>> by default we risk activating conntrack even when it was otherwise
>> disabled...
>
> I will say that just about every system ships with conntrack enabled, and
> disabling it can be pretty difficult (especially in LEDE/OpenWRT), there are so
> many things that require it that tracking them all down and disabling them is
> very difficult.
>
> There are not that many places where Cake is going to be used that NAT or some
> other thing that requires connection tracking is not also going to be used, in
> the remaining cases, can it be disabled manually in configs after it's been
> sucked in automatically?
Hmm, actually it looks like just compiling against the conntrack code
adds a module dependency on conntrack. And as far as I can tell, the
code doesn't initiate any new conntrack state if it doesn't already
exist. So I think it's safe to turn on NAT mode by default. Will add
that :)
-Toke
More information about the Cake
mailing list