Will you support chipsets with (stateful) NAT capability in the future and if so how does the roadmap look like in terms of dates?
By the way, for anyone that wants more information then offered here have a look https://mailman.nanog.org/pipermail/nanog/2018-October/097512.html
Hi @Roland thanks for asking! This is something we’re working on currently and should be out in a release in the coming months.
Also interested in this. Currently on Arista switches as it’s supported looking for alternatives.
Hey @charlesrg, @Melvin and @Roland: we just released Cumulus Linux 4.1 yesterday, which includes support for static and dynamic NAT!
Are there any plans to increase the max conntrack session table size for spectrum 2 switches? Currently cumulus has an 8k limit. Looking at the spectrum 2 ASIC product page shows it supports 100k+
With the limits that low, I’m not sure how realistic it is to be able to use this feature. Whats the expected use-case? I can’t really see much use for this with those kinds of limits.
@etfeet do you have a particular number in mind? We are looking to expand this number in an upcoming release.
something a little more usable. From what I can find kernel uses the following formula to determine default max size: # 64 bit system CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (64 / 32)
for the mallanox asic with 8gb of RAM that would come out to ~ 262,144
Ideally I’d like to have a session table that can support 200-300k connections.
From what I can tell the mellanox asic should be able to do it.
session table size is calculated using the following formula I believe: session table size = conntrack struct size (in bytes) * 2 * num_total_connections
on Ubuntu 18.04 i have a 328 struct size. Using that as a baseline It can support ~800k session table in ~1gb of memory (assuming the formulas i found on google are correct).
OK thanks for that. I let engineering know so we’ll see where things go from here.
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.