Date: Thu, 13 Aug 2009 17:25:56 -0400
From: Tom Uffner <tom@uffner.com>
To: pf@freebsd.org, current@freebsd.org
Subject: packet forwarding/firewall performance question
Message-ID: <4A8484E4.6090504@uffner.com>

I am curious what level of performance I should expect from the firewall box described below in terms of packets/sec and bytes/sec.

It is an 800 MHz VIA c3 with a Gigabit switch on the inside interface and 20 Mbs symmetric Fios on the outside. Both interfaces are 100 Mbs. It is running sshd, bsnmpd, sendmail (outbound only), bind9 (serving local domain info & queries from 5-15 machines on the LAN) and isc-dhcpd. It acts as a border firewall/router for a small LAN w/ 5 static external addresses & the rest NATed.

Kernel: http://www.uffner.com/temp/GATEWAY.txt
dmesg: http://www.uffner.com/temp/dmesg.txt
rc.conf: http://www.uffner.com/temp/rc.conf.txt
pf.conf: http://www.uffner.com/temp/pf.conf.txt

I'm hoping a few people will give me estimates on what kind of throughput I should theoretically expect before I provide any actual test data. Also, any suggestions on tuning would be welcome.

So far in preliminary tests, enabling polling on the network interfaces reduces my performance slightly both to/from and through the box. net.inet.ip.fastforwarding doesn't seem to make much difference either way, but I haven't done very thorough testing of it. Increasing net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not sufficiently tested.