lvs-devel
|
|
lvs-devel
|
| To: | "longguang.yue" <bigclouds@xxxxxxx> |
|---|---|
| Subject: | Re:Re: [PATCH] ipvs: add a sysctl switch to control ipvs to bypass OUTPUT chain or not |
| Cc: | horms@xxxxxxxxxxxx, kadlec@xxxxxxxxxxxxx, fw@xxxxxxxxx, pablo@xxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| From: | Julian Anastasov <ja@xxxxxx> |
| Date: | Thu, 25 Aug 2022 08:32:51 +0300 (EEST) |
Hello,
On Thu, 25 Aug 2022, longguang.yue wrote:
> I see.
> I hope we could find a maintainable and decoupled way to keep ipvs high
> performance.
> especially for kubernetes environment, there are from dozens up to one
> hundred rules in OUTPUT chain.
May be some rules can help the bunch of rules to
be applied only for first packet, not for every packet in
connection, such as:
iptables -t filter -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -m ipvs --ipvs -j ACCEPT
Regards
--
Julian Anastasov <ja@xxxxxx>
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [PATCH net-next] genetlink: start to validate reserved header bytes, Jakub Kicinski |
|---|---|
| Next by Date: | Re: [RFC PATCH nf-next] netfilter: ipvs: Divide estimators into groups, Julian Anastasov |
| Previous by Thread: | Re: [PATCH] ipvs: add a sysctl switch to control ipvs to bypass OUTPUT chain or not, Julian Anastasov |
| Next by Thread: | [PATCH net-next] genetlink: start to validate reserved header bytes, Jakub Kicinski |
| Indexes: | [Date] [Thread] [Top] [All Lists] |