Message-ID: <44E3A2C0.2020801@elischer.org>
Date: Wed, 16 Aug 2006 15:57:04 -0700
From: Julian Elischer
To: Peter Jeremy
Cc: Bachilo Dmitry, freebsd-current@freebsd.org
Subject: Re: throughput and interrupts

Peter Jeremy wrote:

>On Wed, 2006-Aug-16 09:59:22 +0700, Bachilo Dmitry wrote:
>
>>Oh, it's natd. Now I see, but I just don't get it. I know that natd is not
>>efficient but, as I've said, at home I have 9 or almost 10 MB/sec through the
>>natd, while at this particular server I see only 3,7 MB maximum. I've tried
>>now to turn all the natting off and tried to download a file and got like 9
>>MB/sec, so it is natd who loads the system up.
>
>natd runs in userland so every packet has to be pushed out to userland,
>processed and pushed back into the kernel. The vast majority of the
>overhead is the userland/kernel transition so natd gives you a basically
>fixed pps rate. Your throughput will vary depending on the packet size.

in 6.1 there is an in kernel version of natd.. man ng_nat

>>Someone advised me to use pf or ipnat, but I never did that before and heard
>>that this nats have some limitations (like ipnat can't translate icmp packets
>>or something).
>
>Some time ago, I switched from natd to ipnat at work because the
>overhead was getting too much. (I've also switched hardware so I
>can't give you direct performance comparisons). I have found some
>problems with IPfilter in -stable when combining ipfilter/ipnat,
>stateful filtering and conditional NATing (ie a packet to B gets NAT'd
>to C only if it came from A). (The same combination works in IPfilter
>3.x on Solaris.) Normal filtering and NATing works OK.