
I think keeping that kind of stuff to the minimum would be important.

iptables is a good example -- it can scale rather poorly! Packets are run across the chains at length until a matching rule is found.

For most configurations this isn't a problem - the rules are filtered against quickly.

If density reaches the point where you have thousands of forwards, it'll slow down a lot!

You'll want to look into optimizations (e.g. ipsets), offloading to hardware, or simply going to host networking.




If you're running a handful of game servers on each machine, each with a single NATed port, you're fine. At bigger scales it's a problem, but as you mention there are better solutions now.
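
An added example, not part of either comment above: a script that prints the same N-address allow-list twice, once as N per-address iptables rules that are walked in order, and once as a single rule matching against an ipset. It assumes the per-entry rules share one action (a source allow-list rather than the forwards the thread mentions); the addresses, port 27015, chain `GAME` and set name `clients` are constructed.

```shell
#!/bin/sh
# Added illustration. Addresses, port 27015, chain GAME and set name
# "clients" are constructed sample values, not taken from the thread.
PORT=27015
SET=clients

# Print the i-th constructed client address inside 10.0.0.0/8.
addr() {
    echo "10.$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Variant 1: one rule per address (iptables-restore format). A packet from
# the last address is compared against every earlier rule before it matches.
linear_rules() {
    echo "*filter"
    echo ":GAME - [0:0]"
    i=1
    while [ "$i" -le "$1" ]; do
        echo "-A GAME -s $(addr "$i")/32 -p tcp --dport $PORT -j ACCEPT"
        i=$((i + 1))
    done
    echo "COMMIT"
}

# Variant 2a: the same addresses as members of one hash:ip set
# (ipset restore format).
set_members() {
    echo "create $SET hash:ip"
    i=1
    while [ "$i" -le "$1" ]; do
        echo "add $SET $(addr "$i")"
        i=$((i + 1))
    done
}

# Variant 2b: a single rule that does one hashed set lookup per packet,
# however many members the set holds.
set_rule() {
    echo "*filter"
    echo ":GAME - [0:0]"
    echo "-A GAME -p tcp --dport $PORT -m set --match-set $SET src -j ACCEPT"
    echo "COMMIT"
}

# Stand-alone use: sh rules.sh linear 5000   (or: members 5000, rule)
case "${1:-}" in
    linear)  linear_rules "$2" ;;
    members) set_members "$2" ;;
    rule)    set_rule ;;
esac
```

The `members` output is in the format `ipset restore` reads, and the other two are in the format `iptables-restore --noflush` reads. Chain `GAME` still needs a jump from a built-in chain before it sees traffic.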



