Day 3 / Common Track / Talk 8
Talk – Nuts-n-Bolts: Conntrack: tales of software datapaths
Speakers: Aaron Conole, Marcelo Leitner
Report by: Anjali Singhai

Aaron and Marcelo from Red Hat began their talk with the motivation: conntrack is a big DoS vector, yet it is important. They highlighted that the lack of offloaded conntrack is visible and hinders Open vSwitch offload, with major cloud vendors abandoning “conntrack” where they can and devising their own connection tracking. OpenStack and cloud vendors still need it.

Their approach to offloading conntrack was that, since it must be integrated with the current offloading datapath, it required software datapath support. Since it was part of netfilter, it was easy to integrate, and it was integrated with tc.

They showcased the tc actions with connection tracking, such as ct action marking, sending to conntrack, and setting zone information. The CT action was RCU-fied.

As future work, they highlighted that they wanted to better understand performance and provide NAT support. They also noted that the OvS action ct(table=X) creates a copy of the packet and returns the ruleset, and asked how they could do that too. Offloading hooks also still need to be worked out.

Mellanox is working with Red Hat to get the ct work done. Kubernetes needs connection tracking and floating IP.
