Hi Dudes! Nowadays im building highload NATbox with DPDK and VPP (Vector Packet Processing).
Building system on my VirtualBox installation (CentOS 7.2 x64) with 4Gb mem and 4 cpu cores.
Hello! Yesterday i worked hard, and optimize iptables with mangle table, ipset and iproute.
We want mark addresses (located in ipset) which should routed to another host, and another packets via another gateway.
Thats rules give us minimal resourses to serve only online clients (dynamicaly walked in NAT server, not statical created in iproute2 – how it worked before).