Bug #1778
closed
af_packet: IPS and defrag
Added by Eric Leblond almost 8 years ago.
Updated over 4 years ago.
Description
defrag is not compatible with IPS mode as reconstructed packets will be too big when sent over the wire. So we need to warn the user about that. But when defrag is disabled, the cluster_flow load balancing will not work correctly so we need to propose an alternative configuration to improve things.
I think currently safe scenarios are:
workers mode with 1 thread per interface, af-packet defrag disabled
autofp mode with 1 thread per interface, af-packet defrag disabled
If the network is guaranteed to be free of fragmentation (e.g. firewall policy blocks it), multiple threads per interface can be used.
- Status changed from New to Assigned
- Priority changed from Normal to High
- Target version set to 70
Of the current cluster modes, could there be something that helps? E.g. cluster_cpu with some additional configs outside of suri?
- Subject changed from af_packet IPS and defrag to af_packet: IPS and defrag
- Description updated (diff)
Cluster ebpf with ippair implementation should fix that. XDP CPU redirect will do too.
- Related to Support #2997: IPS AF_Packet mode and decoder invalid added
- Related to Feature #3011: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src<->dst) only added
Eric, now that #3011 is closed, do you think this one can be closed as well?
I would say so. Maybe we need a check of documentation to really do so.
- Status changed from Assigned to Closed
- Priority changed from High to Normal
- Target version changed from 70 to 5.0.0
Also available in: Atom
PDF