Added by Eric Leblond almost 10 years ago. Updated over 6 years ago.
Description
defrag is not compatible with IPS mode as reconstructed packets will be too big when sent over the wire. So we need to warn the user about that. But when defrag is disabled, the cluster_flow load balancing will not work correctly so we need to propose an alternative configuration to improve things.
I think currently safe scenarios are:
workers mode with 1 thread per interface, af-packet defrag disabled
autofp mode with 1 thread per interface, af-packet defrag disabled
If the network is guaranteed to be free of fragmentation (e.g. firewall policy blocks it), multiple threads per interface can be used.
Of the current cluster modes, could there be something that helps? E.g. cluster_cpu with some additional configs outside of suri?
Cluster ebpf with ippair implementation should fix that. XDP CPU redirect will do too.
Eric, now that #3011 is closed, do you think this one can be closed as well?
I would say so. Maybe we need a check of documentation to really do so.