Network performance in a dual CPU system
Julian Elischer
julian at elischer.org
Fri Feb 10 12:55:27 PST 2006
Marcos Bedinelli wrote:
> Hi Julian,
>
>
> On 10-Feb-06, at 14:54, Julian Elischer wrote:
>
>> I have found that most people can optimise there ipfw rulests
>> considerably.
>>
>> for example: a first rule of:
>> 1 allow ip from any to any in recv {inside interfacfe}
>> 2 allow ip from any to any out xmit {inside interface}
>> will cut your ipfw load by 50% immediatly.
>> (you should only be filterring on one interface usually)
>>
>> use 'skipto' rules to immediatly send incoming and outgoing data to
>> different rules sets.
>>
>> etc.
>> (I you want to privatly send me your ruleset I can probably help you
>> do this)
>>
>> julian
>
>
>
> Thank you very much for your input and kind offer.
>
> Not long ago I removed the entire ruleset on that machine and the
> impact was minimal (i.e., CPU utilization was still above 98%).
yes but throughput probably went up ;-)
>
>
> Nevertheless, I am sure my ruleset can benefit from some polishing. I
> would like to take the liberty of writing to you in the future to
> exchange some ideas, provided you have no objections.
whenever you are would like to ..
>
> Thanks!
>
> --
> Marcos
More information about the freebsd-net
mailing list