I’m looking for a 10 or 25 Gbps Mellanox NIC that has NAT44 offload support in Linux. This is for an ISP with a thousand users or so, and we have nftables rules that handle NAT mappings, including a map with ~100 public IPs, for snat and dnat. Peak loads are 5+ Gbps or so, and mean loads more like up to 2 Gbps. We want to add two NAT boxes to move NAT functionality off of our gateway.
We actually think that general purpose hardware should be able to handle this load, without hardware acceleration. But, if there are Mellanox NICs that can do it, it may allow us to use lower-end CPUs, with increased performance and room for future growth.
Would the ConnectX-3 or 4 do this for us?
And, in case we also add shaping with tc on the same NIC, will the hardware offloads still work?
Thank you for posting your inquiry on the NVIDIA Networking Community.
Our NVIDIA ConnectX-4/5/6 Ethernet adapters are capable of NAT44 offload, even if you shape (Packet Pacing) it with ‘tc’.
We would not recommend the ConnectX-3 anymore, as it is reaching its EOL status for certain SKU’s.
Thank you and regards,
~NVIDIA Networking Technical Support
Thanks. I think I see now how this works with nftables. You define a flowtable, and offload that flowtable to hardware, so that the initial routing decision is made in software when the flow starts, and further packets for that flow follow the hardware path.
With the shaping, I see you’re referring to the hardware pacing feature in the card. We currently use fq_codel or straight Codel in software, but that doesn’t appear to be available in hardware. RED is possible, but more difficult to configure. My hope is that we can route some of these software-shaped flows separately from the hardware path to use tc qdiscs. Since they are lower rate 100 Mbps flows, it should not affect performance too much, while the high rate flows can keep using the hardware path.
Do you think that will work out?