kmod-nft-offload is a crucial kernel module for anyone looking to maximize the performance of their OpenWrt router by leveraging Flow Offloading.
Example nftables configuration:
nftables hook chain (e.g., prerouting, forward).kmod-nft-offload is a Linux kernel module and userspace integration that enables nftables to offload packet-matching and action-processing work to network hardware (NICs and smart NICs) that support flow offload capabilities. Offloading moves frequently executed datapath operations out of the kernel CPU path into the NIC, reducing CPU utilization, improving throughput, and lowering latency for high-volume packet flows such as those in data centers, cloud hosts, and edge gateways. kmod-nft-offload
Performance Benefit: In supported setups, it can significantly increase throughput (e.g., jumping from ~260Mbps to ~680Mbps in certain speed tests) by bypassing intensive CPU-bound processing for established connections. Usage and Troubleshooting
In the world of high-performance networking, the CPU is often the bottleneck. As multi-gigabit internet speeds become more common, even powerful consumer routers struggle to keep up with the sheer volume of packets. This is where kmod-nft-offload comes into play. kmod-nft-offload is a crucial kernel module for anyone
Offloading bypasses the CPU, which means SQM can't "see" or shape the traffic. Complex Logging
By offloading nftables rules to hardware, kmod-nft-offload alleviates the CPU burden, allowing it to focus on more critical tasks. This results in improved network performance, characterized by increased throughput and reduced latency. A packet arrives at the NIC
Once installed, you must activate it in your firewall configuration. You can do this via the LuCI Web Interface or the CLI.