Can i Disable SELinux and IPTables on CVM?

  • 30 June 2017
  • 2 replies
  • 2839 views

Badge
I am facing some latency on network and i am thinking to disable the SELinux and the IPtables on my CVMs.

I found this Whitepaper from VMware that tells to try to disable the SELinux and the IPtables for Linux Guests in order to try improve the network latency:
https://www.vmware.com/techpapers/2011/best-practices-for-performance-tuning-of-latency-s-10220.html

I know that is not a good idea and also safe idea... What do you think? 😉

2 replies

Userlevel 3
Badge +19
Hi Alex,
I would strongly recommend not to disable SELinux and IPtables, If you have any issues, even related to network latency contact Nutanix Support, sure they will address any concerns.

F.P
Userlevel 3
Badge +17
As IPTables is the firewall process running in Linux so I don't think it really makes affect to the packet latency caused by the True/False or Match/Unmatch of the firewall entries and if it had, there should be very small percentage of the opportunity in which the IPTables delays in packet processing.

By the way, there are lots of ways to increase the kind of network latency so just consult on them first and see IPTables just like the last effort for your solution

Reply