[Cake] Pre-print of Cake paper available

Toke Høiland-Jørgensen toke at toke.dk
Wed Apr 25 16:28:25 EDT 2018


David Lang <david at lang.hm> writes:

> On Tue, 24 Apr 2018, Toke Høiland-Jørgensen wrote:
>
>> Pete Heist <pete at eventide.io> writes:
>>
>>>> On Apr 24, 2018, at 7:58 AM, Jonathan Morton <chromatix99 at gmail.com> wrote:
>>>> 
>>>> Turning NAT support on by default might actually be reasonable, since
>>>> it doesn't really break anything if it's not needed - it just eats a
>>>> bit of CPU with unnecessary conntrack lookups.
>>>
>>> I would be for it, if it eats say < 1% additional CPU, and preferably
>>> less. I expect the impact to increase with packet rates.
>>
>> I'm a bit worried that the way it is implemented now, if we turn it on
>> by default we risk activating conntrack even when it was otherwise
>> disabled...
>
> I will say that just about every system ships with conntrack enabled, and 
> disabling it can be pretty difficult (especially in LEDE/OpenWRT), there are so 
> many things that require it that tracking them all down and disabling them is 
> very difficult.
>
> There are not that many places where Cake is going to be used that NAT or some 
> other thing that requires connection tracking is not also going to be used, in 
> the remaining cases, can it be disabled manually in configs after it's been 
> sucked in automatically?

Hmm, actually it looks like just compiling against the conntrack code
adds a module dependency on conntrack. And as far as I can tell, the
code doesn't initiate any new conntrack state if it doesn't already
exist. So I think it's safe to turn on NAT mode by default. Will add
that :)

-Toke


More information about the Cake mailing list