Eric Garver, Author at Red Hat Developer Blog

Firewalld: The Future is nftables

By Eric Garver August 10, 2018August 9, 2018

Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

The benefits of nftables have been outlined on the Red Hat Developer Blog:

There are many longstanding issues with firewalld that we can address with nftables that were not possible with the old iptables backend. The nftables backend allows the following improvements:

Continue reading “Firewalld: The Future is nftables”

Open vSwitch: QinQ Performance

By Eric Garver June 27, 2017September 18, 2018

In a previous post, we introduced QinQ support for Open vSwitch. This post will investigate how QinQ performs relative to alternatives (VXLAN, GENEVE) in both throughput and CPU utilization. This will give us some understanding why we might consider QinQ over VXLAN or GENEVE.

Continue reading “Open vSwitch: QinQ Performance”

Open vSwitch: Overview of 802.1ad (QinQ) Support

By Eric Garver June 6, 2017June 1, 2017

Open vSwitch (OVS) recently gained support for 802.1ad (QinQ). It can be used as a lightweight alternative to tunnel technologies such as; VXLAN, GENEVE, GRE. A key advantage of QinQ is that it can make use of hardware offload features common in network interface cards (NICs). Only newer NICs support hardware offload for VXLAN and GENEVE. QinQ also incurs less frame processing and has a smaller encapsulation overhead.

Continue reading “Open vSwitch: Overview of 802.1ad (QinQ) Support”

Blog Articles

Eric Garver

Recent Posts

Firewalld: The Future is nftables

Open vSwitch: QinQ Performance

Open vSwitch: Overview of 802.1ad (QinQ) Support