![]() To have a clean design, it is best to have the ACL node independent of HW programming. Looking at the implementation of ACL, I realized that it would be easy to implement HW acceleration, while keeping the SW implementation as a fallback. I found this page, which shows that once security groups are activated in VPP, the forwarding performance is halved, and the performance degrades with the number of rules applied. In the first blog, I thought it would make sense to offload/accelerate the L2/元 graph nodes, but after looking at the implementation of the L2 and 元 graph nodes, I decided to look elsewhere.įrom the discussions I follow on Open vSwitch (OVS), it seems that security groups/access control lists (ACL) impose a huge performance penalty once they are activated. In that article, I left out HW acceleration and so I will be focusing on that in this post. This blog can be considered a continuation of my previous blog, which was about Vector Packet Processing (VPP) ( ). ACL HW acceleration improves performance.
0 Comments
Leave a Reply. |