Date: Fri, 11 May 2007 14:37:43 +0200 (CEST)
From: Erik Norgaard
To: Todor Dragnev
Cc: freebsd-isp@freebsd.org, questions@freebsd.org
Subject: Re: Large scale NAT
Message-ID: <20070511143235.Y6855@strange.locolomo.org>

On Fri, 11 May 2007, Todor Dragnev wrote:

> Hello list,
>
> I have about 4000 users behind NAT. I use ipnat (ipf) on a single FreeBSD
> box (v6.2) to translate RFC1918 IP addresses to real ones.
>
> All works fine, but my CPU usage is very high and the router starts to drop
> packets and sometimes freezes.
> I fixed the freeze problem with POLLING, but CPU usage is still very high.
>
> Throughput on one interface is about 200Mbit/s, but next month I will need
> more speed to pass through this box and I am looking for a better solution.
>
> What is the throughput limit that I can expect from FreeBSD in this
> situation?
>
> Does anyone on the list have experience with large NAT tables?
> It is time to switch to Cisco or something similar - any suggestions?

There is a comparison of ip-filter and packet filter here:

http://www.benzedrine.cx/pf-paper.html

Rather old now, but as I understand, pf does a better job when tables grow
large when filtering is stateful.

Cheers, Erik

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"