On Mon, Nov 16, 2020 at 02:45:21PM -0800, Jakub Kicinski wrote: > On Mon, 16 Nov 2020 23:36:15 +0100 Pablo Neira Ayuso wrote: > > > Are you saying A -> B traffic won't match so it will update the cache, > > > since conntrack flows are bi-directional? > > > > Yes, Traffic for A -> B won't match the flowtable entry, this will > > update the cache. > > That's assuming there will be A -> B traffic without B sending a > request which reaches A, first. B might send packets to A but this will not get anywhere. Assuming TCP, this will trigger retransmissions so B -> A will kick in to refresh the entry. Is this scenario that you describe a showstopper? Thank you.
