Bug #1778
closedaf_packet: IPS and defrag
Description
defrag is not compatible with IPS mode as reconstructed packets will be too big when sent over the wire. So we need to warn the user about that. But when defrag is disabled, the cluster_flow load balancing will not work correctly so we need to propose an alternative configuration to improve things.
VJ Updated by Victor Julien almost 10 years ago
I think currently safe scenarios are:
workers mode with 1 thread per interface, af-packet defrag disabled
autofp mode with 1 thread per interface, af-packet defrag disabled
If the network is guaranteed to be free of fragmentation (e.g. firewall policy blocks it), multiple threads per interface can be used.
VJ Updated by Victor Julien almost 10 years ago
- Status changed from New to Assigned
- Priority changed from Normal to High
- Target version set to 70
VJ Updated by Victor Julien almost 10 years ago
Of the current cluster modes, could there be something that helps? E.g. cluster_cpu with some additional configs outside of suri?
VJ Updated by Victor Julien about 9 years ago
- Subject changed from af_packet IPS and defrag to af_packet: IPS and defrag
- Description updated (diff)
EL Updated by Eric Leblond over 7 years ago
Cluster ebpf with ippair implementation should fix that. XDP CPU redirect will do too.
VJ Updated by Victor Julien almost 7 years ago
- Related to Support #2997: IPS AF_Packet mode and decoder invalid added
VJ Updated by Victor Julien over 6 years ago
- Related to Feature #3011: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src<->dst) only added
VJ Updated by Victor Julien over 6 years ago
Eric, now that #3011 is closed, do you think this one can be closed as well?
EL Updated by Eric Leblond over 6 years ago
I would say so. Maybe we need a check of documentation to really do so.
VJ Updated by Victor Julien over 6 years ago
- Status changed from Assigned to Closed
- Priority changed from High to Normal
- Target version changed from 70 to 5.0.0