Firewall Profiling.

[Sami Halabi]

Hi,
do you use dummynet?
what is the server hardware configuration and tunings you did to acheive
10Gbps ?

Sami

On Tue, Dec 27, 2011 at 1:36 PM, Alexander V. Chernikov <
melifaro at freebsd.org> wrote:

> On 27.12.2011 04:54, Pawel Tyll wrote:
>
>> Hi lists,
>>
>> Are  there any profiling tools in the system or ports that would allow
>> me  to  determine how much processing is being done per packet and how
>> long  does  it  take? I would like to predict possible PPS load for my
>> system and perhaps locate and remove some bottlenecks.
>>
>> Is  IPFW  efficient  enough  to  firewall  2x10GE  (in+out) interfaces
>> without  much  latency  increase,  when  running  on  modern  hardware
>> with Intel NICs? Majority of processing tasks would probably be setfib
>> according to matches in tables.
>>
> IPFW seems to add more or less constant overhead per rule. In our setup,
> ~20 rules increase load by 100% (one core).  We are able to reach 10GE
> (1.1mpps) on some routers with most packets travelling 8-10 ipfw rules.
> However, even with ipfw add 1 allow ip from any to any
> 1.1 mpps routing utilizes E5645 by more that 80%. (with IGP routes in
> rtable only). YMMV, but 2x10G is too much at the moment even without ipfw.
>
>
>> Pawel.
>>
>>
>> ______________________________**_________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/**mailman/listinfo/freebsd-net<http://lists.freebsd.org/mailman/listinfo/freebsd-net>
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@**freebsd.org<freebsd-net-unsubscribe at freebsd.org>
>> "
>>
>>
>
> --
> WBR, Alexander
> ______________________________**_________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/**mailman/listinfo/freebsd-net<http://lists.freebsd.org/mailman/listinfo/freebsd-net>
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@**freebsd.org<freebsd-net-unsubscribe at freebsd.org>
> "
>



-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert