On 2/12/18 2:54 PM, Eric Dumazet wrote: > On Mon, 2018-02-12 at 16:05 -0500, David Miller wrote: >> From: Eric Dumazet <eric.duma...@gmail.com> >> Date: Mon, 12 Feb 2018 12:49:33 -0800 >> >>> Any setup with about 20 rules to be evaluated (per packet cost) will >>> feel the pain... >>> >>> I wonder if we could JIT/eBPF this thing. >> >> That's true for the software implementation angle. >> >> But I bet anyone actually using this thing will get it hardware >> offloaded. > > I wish :) > > We had project/teams using different routing tables for each vlan they > setup :/
VRF per VLAN, only 1 rule needed > > Setups with tunnels are doubly impacted, it is really easy to reach 20 > evaluated rules per incoming and outgoing packet. > >
