upvote
254K prefixes with skewed distribution means early exits dominate, and no SIMD throughput advantage survives a branch that terminates at depth 3. The interesting edge case is deaggregation events where prefix counts spike transiently and the rebuild-and-swap FIB has to absorb a table that's temporarily 2x normal size
reply
The obvious question, I guess: How much faster are you than whatever is in the Linux kernel's FIB? (Although I assume they need RCU overhead and such. I have no idea what it all looks like internally.)
reply
I likewise wonder from time to time whether I should replace WireGuard's allowedips.c trie with something better: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...
reply
I use Wireguard rarely enough that the AllowedIPs concept gets me every time. It gets easier when I replace it mentally with “Route=” :-)
reply
It's like a routing table on the way out and an ACL on the way in. Maybe an easier way to think of it.
reply
Sure, but how does this differ from a routing table with RPF (which is default in Linux already)?
reply
It's associated per-peer, so it assures a cryptographic mapping between src ip and public key.
reply
I wonder if this would port nicely over to rustybgp.
reply