prepend encapsulation rules to reduce number of reconciliation thereof
because of the way the iptables rules are reconciled, having the encapsulation rules at the end of the slice of rules results in them being deleted and re-added many times, even though they are very static. Prepending them to the slice of rules prevents this from happening, making that iptables chain more stable and saving a bunch of roundtrips to iptables.
This commit is contained in:
parent
37b3cf1fc8
commit
0f0b0bda13
@ -516,7 +516,9 @@ func (m *Mesh) applyTopology() {
|
|||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ipRules = append(ipRules, m.enc.Rules(cidrs)...)
|
|
||||||
|
ipRules = append(m.enc.Rules(cidrs), ipRules...)
|
||||||
|
|
||||||
// If we are handling local routes, ensure the local
|
// If we are handling local routes, ensure the local
|
||||||
// tunnel has an IP address.
|
// tunnel has an IP address.
|
||||||
if err := m.enc.Set(oneAddressCIDR(newAllocator(*nodes[m.hostname].Subnet).next().IP)); err != nil {
|
if err := m.enc.Set(oneAddressCIDR(newAllocator(*nodes[m.hostname].Subnet).next().IP)); err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user