| Scenario | Software PPS | Offloaded PPS | |-----------------------|--------------|----------------| | Simple forward (UDP) | 1.2 M | | | 5-tuple ACL (100 rules) | 0.9 M | 7.2 M |
: Uses kernel optimizations to speed up the packet flow for established connections. kmod-nft-offload
If you are running a modern Linux router (such as OpenWrt) or a high-performance firewall, you may have encountered the package kmod-nft-offload . While standard firewall rules process packets using the CPU, this module enables the kernel to offload those rules directly to the network hardware (Network Interface Card or Switch). | Scenario | Software PPS | Offloaded PPS