Date: Wed, 23 Feb 2005 00:18:29 +0100 From: Michael Knudsen <none@e--molioner.dk.lh.bsd-dk.dk> To: bsd-dk@bsd-dk.dk Subject: Re: ydelse på ipfw
Quoting Claus Guttesen (cguttesen@yahoo.dk):
> > Hvis jeg ikke husker galt, koerer ipf i user mode.
>
> Jeg har ikke tænkt på det, jeg har oversat kernen med
> ipf-understøttelse, og antog derfor at det var en del
> af kernen.
Hm, maaske husker jeg galt og blander ipfw og ipf sammen. Det er vist natd,
jeg taenkte paa.
Henning Brauer skrev noget om ipf og pf paa samme hardware for nogle aar
siden -- maaske det stadig gaelder:
http://www.benzedrine.cx/henning.txt
Det vigtige:
Old and new box are identical hardware-wise: Duron 700, 128 MB
RAM, 3x 21143-based NICs using dc(4). With 2.9 and ipf, it ran
at over 90% CPU usage at prime time and delays began to be
noticeable. The rule file was already fairly high optimized.
Short story: I haven't seen the 3.0/pf box less than 89% idle
CPU-wise. We are having about 10000 packets per seconds each on
the main external and the main internal interface; I have about
1000 rules. One should also note that the new box does even more
than the old one, I added two more /24s which also leads to a
lot of additional rules. When I tried to add just a _few_ rules
for this new space to ipf the load instantly was at 100% even
outside the prime time.
Mvh. Michael.
-- Winter meant the coming of the lazy wind, which couldn't be bothered to blow around people and blew right through them instead. -- (Terry Pratchett, Wyrd Sisters)
This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:48 CET