I have a load balancing implementation using neighbor discovery packet control, and I used nfqueue to route the neighbor solicitation packets to user space. In user space I make the decision of which real vip should answer, and generate the appropriate neighbor advertisement. I then use the nfqueue disposition to drop the solicitation packet so linux doesn't respond. During my design review, a concern was raised as to the performance impact using netfilter has on the non-selected packets. By that, I mean the performance of answering the neighbor solicitation is not a concern, but if the implementation of netfilter in the kernel causes a performance problem for the other packets being processed on that same nic and/or ip then it is a serious concern. Does anyone have ideas on the performance impact of netfilter on non-selected packets? Thanks, Credzba -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
