This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Monday, November 7 • 4:20pm - 4:45pm
Evolving Stateful Firewalling: OVS+iptables, OVS+Conntrack, and Conntrack Acceleration- John Hurley, Netronome

Sign up or log in to save this to your schedule and see who's attending!

The evolution of virtual switches means that security groups can now be supported directly on the switch rather than across attached Linux bridges, and may be managed by higher level tools such OVN. The latest Open vSwitch release (2.5) handles this by interfacing to the Linux kernel connection tracking (Conntrack) module, improving the performance and granularity of security group implementations. This presentation describes Conntrack within Open vSwitch and investigates techniques for further improving performance. It concludes by exploring the performance and CPU utilization benefits achievable by offloading connection tracking operations to Smart NICs.


John Hurley

Lead Software Engineer, Netronome
John has been working with Netronome for 4 years looking at the acceleration of SDN and virtual switching using multiple generations of Netronome’s Flow Processors and Intelligent Server Adapters. Prior to this he has been involved in academic research into network analytic and security systems at the Centre for Secure Information Technology (CSIT), Belfast, and product development through startup company TitanIC. He completed a MEng in... Read More →

Monday November 7, 2016 4:20pm - 4:45pm

Attendees (7)