Responding to the thread as a whole: another alternative is the FLOWTABLE kernel option. I added route and link-layer caching for endpoints (TCP and UDP), which makes the FLOWTABLE option less useful (or undesirable) there, but FLOWTABLE adds route caching for packet forwarding as well. I’d suggest testing that also. Mike