Main runtime parameters¶

Generic capabilities
Routing capabilities
Filtering capabilities
Bridge filtering capabilities
VLAN capabilities
MACVLAN capabilities
VXLAN capabilities
GRE capabilities
Reassembly capabilities
Security

For convenience, this section gathers the most important runtime parameters. The default values are indicated for Virtual Accelerator and may differ for other 6WIND products.

Generic capabilities ¶

--max-ifnet¶

Maximum number of logical interfaces. The Linux logical interfaces are mirrored in the fast path as ifnet. It includes physical ports and all virtual ports like ethgrp, VRRP, GRE, VLAN, vti etc.

It must be at least greater than or equal to the maximum number of physical ports plus the number of VRs.

Default value: 2048
Memory footprint per ifnet: 3 KB
Range: 16 .. 50K

--max-vr¶

Maximum number of VRs. Linux VRs based on network namespaces are mirrored as VR objects in the fast path.

Be careful if the number of VRs is increased it can be necessary to increase some other capabilities too:

Number of PBR rules. See --max-pbr-rules for details.
Number of IPv4 Netfilter rules. See --max-nfrules for details.
Number of IPv6 Netfilter rules. See --max-nf6rules for details.

Default value

16

Memory footprint per vr

4.6 MB

This memory footprint is mainly dependent of ipset. See --max-nf-ipsets for details.

Range

1 .. 2048

Routing capabilities ¶

--max-addr¶

Maximum number of IPv4 addresses

Default value: 4096
Memory footprint per IPv4 address: 8 B
Range: 0 .. 4M

--max-route¶

Maximum number of IPv4 routes

Default value: 50000
Memory footprint per IPv4 route: 50 B
Range: 0 .. 4M

--max-neigh¶

Maximum number of IPv4 neighbors

Default value: 5000
Memory footprint per IPv4 neighbor: 50 B
Range: 0 .. 400K

--rt4-ecmp-algo=[fp|linux]¶

IPv4 ECMP algorithm used by the fast path.

Default value: fp

--max-addr6¶

Maximum number of IPv6 addresses

Default value: 4096
Memory footprint per IPv6 address: 20 B
Range: 0 .. 4M

--max-route6¶

Maximum number of IPv6 routes

Default value: 50000
Memory footprint per IPv6 route: 50 B
Range: 0 .. 4M

--max-neigh6¶

Maximum number of IPv6 neighbors

Default value: 5000
Memory footprint per IPv6 neighbor: 50 B
Range: 0 .. 400K

--max-pbr-rules¶

Maximum number of PBR rules.

At least 5 PBR rules (3 for IPv4 and 2 for IPv6) are created per VR

Default value: 1024
Memory footprint per PBR rule: 100 B
Range: 0 .. 400K

Filtering capabilities ¶

--max-nfrules¶

Maximum number of IPv4 Netfilter rules.

At least 18 IPv4 Netfilter rules (in filter, mangle, raw and nat tables) are created per VR

Default value: 3072
Memory footprint per IPv4 Netfilter rule: 35 KB
Range: 0 .. 40K

--max-nf6rules¶

Maximum number of IPv6 Netfilter rules.

At least 13 IPv6 Netfilter rules (in filter, mangle and raw tables) are created per VR

Default value: 2048
Memory footprint per IPv6 Netfilter rule: 35 KB
Range: 0 .. 40K

--max-nfct¶

Maximum number of IPv4 Netfilter conntracks

Default value: 1024
Memory footprint per IPv4 Netfilter conntrack: 100 B
Range: 0 .. 1M

--max-nf6ct¶

Maximum number of IPv6 Netfilter conntracks

Default value: 1024
Memory footprint per IPv6 Netfilter conntrack: 100 B
Range: 0 .. 1M

--max-nf-ipsets¶

Maximum number of ipsets per VRF

Default value

64

Memory footprint

Memory footprint (in bytes) for ipset follows the formula:

(8420 + 28 * max-nf-ipset-entries) * max-nf-ipsets * max-vr

See --max-vr for default values of max-vr.

Range

0 .. 1000

--max-nf-ipset-entries¶

Maximum number of entries per ipset

Default value: 2048
Memory footprint: See --max-nf-ipsets
Range: 0 .. 1000

Bridge filtering capabilities ¶

--max-ebtables-rules¶

Maximum number of bridge filter rules

Default value: 3072
Memory footprint per IPv4 Netfilter rule: 35 KB
Range: 0 .. 40K

VXLAN capabilities ¶

--max-vxlan-port¶

Maximum number of (VXLAN destination port, VR) pairs

Default value: 15
Memory footprint per (VXLAN destination port, VR) pair: 2 KB
Range: 0 .. 128

--max-vxlan-if¶

Maximum number of VXLAN interfaces

Default value: 127
Memory footprint per VXLAN interface: 66 KB
Range: 0 .. 50K

--max-vxlan-fdb¶

Maximum number of VXLAN forwarding database entries

Default value: 5000
Memory footprint per IPv6 Netfilter conntrack: 100 B
Range: 0 .. 50K

Reassembly capabilities ¶

--max-reass-queues¶

Power of 2 of the maximum number of simultaneous reassembly procedures for IPv4

Default value: 6
Memory footprint: None
Range: 0 .. 30

--max-reass6-queues¶

Power of 2 of the maximum number of simultaneous reassembly procedures for IPv6

Default value: 6
Memory footprint: None
Range: 0 .. 30

By default, the fast path will try to execute with the least privileges possible. That means it will only keep linux capabilities that it actually uses, and will also change from user “root” to user “fastpath” once initialization is finished.

Export this option in your fast-path.env configuration in order to disable this behavior and run fast path as root with full capabilities.

Main runtime parameters¶

Generic capabilities ¶

Routing capabilities ¶

Filtering capabilities ¶

Bridge filtering capabilities ¶

VLAN capabilities ¶

MACVLAN capabilities ¶

VXLAN capabilities ¶

GRE capabilities ¶

Reassembly capabilities ¶

Security ¶