From: Vadim Goncharov
To: freebsd-performance@freebsd.org
Date: Mon, 19 Jul 2010 09:19:12 +0000 (UTC)
Subject: Re: pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?
References: <28778099.post@talk.nabble.com>

Hi Nikol@y!

On Fri, 4 Jun 2010 03:19:41 -0700 (PDT); Nikol@y wrote about 'pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?':

> We have a network. Now we are using pf NAT. But we are interested in some
> question:
> 1. What type of NAT uses less computer resources?
> a) pf NAT
> b) ipfw kernel NAT
> c) NG_NAT ?

AFAIK, ipfw nat uses slightly less resources than ng_nat (not significant),
and pf uses more resources than two others.

> 2. BINAT or NAT - what is better? Which one of them is more faster and uses
> less computer resources with one of firewall? In theory I think that BINAT
> faster than NAT, because there is no necessary to track connections.

Not in implementation, it always does.

> 3. I know that the firewall PF does not support threads. I read that IPFW is
> (in FreeBSD 8.0, for example). But in my test I haven't seen threads when
> used IPFW. Maybe there are some special options to compile kernel or
> configure IPFW? For tests I compiled kernel with:

There are no special threads for ipfw, it runs in the context of other threads
(driver, netisr or swi1, depending on settings and compile options).

> 4. I can't find any information about BINAT in ipfw+ng_nat? Does anyone use
> this technology? Or maybe you know interesting information about it?

It is no "so binat" as in pf, but it can be emulated. Read these:

man natd
man libalias
man ng_nat

and use redirect_address (all three use the same underlying libalias, so even
for different implementations techniques are valid).

-- 
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
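
The binat emulation suggested in the reply, as an added example that is not part of the original message: a small generator that turns pf `binat` lines into one ipfw kernel-NAT instance using libalias static address redirection (`redirect_addr` is ipfw's spelling of natd's `redirect_address`). The function names, interface `em0`, NAT instance 1, rule number 100 and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pf "binat" rules -> ipfw nat redirect_addr.
# Assumed/constructed: interface em0, NAT instance 1, rule number 100,
# and the RFC 1918 / RFC 5737 addresses in the sample input.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# binat_to_ipfw IFACE NAT_ID < pf-rules
# Accepts only the form: binat on IFACE from LOCAL to any -> PUBLIC
binat_to_ipfw() {
    iface=$1; nat_id=$2; pairs=""; seen=" "
    while read -r kw on ifc from loc to dst arrow pub rest; do
        case "$kw" in binat) ;; *) continue ;; esac   # skip other pf rules
        [ "$ifc" = "$iface" ] || continue             # other interfaces
        if [ "$on $from $to $dst $arrow" != "on from to any ->" ] || [ -n "$rest" ]; then
            echo "unsupported binat form for $loc" >&2; return 1
        fi
        is_ipv4 "$loc" && is_ipv4 "$pub" ||
            { echo "bad address: $loc -> $pub" >&2; return 1; }
        case "$seen" in                               # one public IP, one host
            *" $pub "*) echo "duplicate public address $pub" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        pairs="$pairs redirect_addr $loc $pub"
    done
    [ -n "$pairs" ] || { echo "no binat rules for $iface" >&2; return 1; }
    # Emit the commands for review; nothing is applied to the firewall here.
    echo "ipfw nat $nat_id config if $iface$pairs"
    echo "ipfw add 100 nat $nat_id ip from any to any via $iface"
}

# Sample run on constructed pf rules
binat_to_ipfw em0 1 <<'EOF'
binat on em0 from 192.168.0.10 to any -> 203.0.113.10
pass in all
binat on em0 from 192.168.0.11 to any -> 203.0.113.11
EOF
```

The commands are only printed, so they can be reviewed before being applied. Because `redirect_addr` forwards all inbound traffic for the public address to the internal host, inbound filtering still has to come from separate ipfw rules.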