Kmod-nft-offload Site

kmod-nft-offload is a kernel module for that enables hardware flow offloading

✅ Ideal for:

Real-World Use Cases

• NFV (Network Functions Virtualization): Running virtual routers that forward traffic between VMs at 100G line-rate.
• Kubernetes Service Mesh: Offloading service-to-service network policies to the NIC, freeing CPU for application containers.
• Edge Routers: Low-power x86 boxes routing thousands of unique flows (IoT, CDN) without melting.
• DDoS Mitigation: A hardware-offloaded drop rule for a specific attack IP address that consumes zero CPU.

Routers that might top out at 400-500 Mbps in software-only mode can often reach full Gigabit speeds (1000 Mbps) with hardware offloading enabled. Reduced CPU Load: kmod-nft-offload