wenxu <wenxu@xxxxxxxxx> wrote:
> ns21 iperf to 10.0.0.8 with dport 22 in ns22
> first time with OFFLOAD enable
>
> nft add flowtable bridge firewall fb2 { hook ingress priority 0 \; devices = { veth21, veth22 } \; }
> nft add chain bridge firewall ftb-all {type filter hook forward priority 0 \; policy accept \; }
> nft add rule bridge firewall ftb-all counter ct zone 2 ip protocol tcp flow offload @fb2
>
> # iperf -c 10.0.0.8 -p 22 -t 60 -i2
[..]
> [ 3] 0.0-60.0 sec 353 GBytes 50.5 Gbits/sec
>
> The second time on any offload:
> # iperf -c 10.0.0.8 -p 22 -t 60 -i2
> [ 3] 0.0-60.0 sec 271 GBytes 38.8 Gbits/sec

Wow, this is pretty impressive. Do you have numbers without offload and no connection tracking?

Is this with CONFIG_RETPOLINE=y (just curious)?