From owner-freebsd-pf@FreeBSD.ORG Tue Oct 21 18:05:24 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3CF841065673 for ; Tue, 21 Oct 2008 18:05:24 +0000 (UTC) (envelope-from cmarlatt@rxsec.com) Received: from core.rxsec.com (core.rxsec.com [64.132.46.102]) by mx1.freebsd.org (Postfix) with SMTP id C7A968FC16 for ; Tue, 21 Oct 2008 18:05:23 +0000 (UTC) (envelope-from cmarlatt@rxsec.com) Received: (qmail 74677 invoked by uid 2009); 21 Oct 2008 17:28:11 -0000 Received: from 10.1.0.239 by core.rxsec.com (envelope-from , uid 2008) with qmail-scanner-1.25-st-qms (clamdscan: 0.86.2/1102. spamassassin: 3.0.4. perlscan: 1.25-st-qms. Clear:RC:0(10.1.0.239):SA:0(-3.8/5.0):. Processed in 2.482289 secs); 21 Oct 2008 17:28:11 -0000 X-Spam-Status: No, hits=-3.8 required=5.0 X-Antivirus-RXSEC-Mail-From: cmarlatt@rxsec.com via core.rxsec.com X-Antivirus-RXSEC: 1.25-st-qms (Clear:RC:0(10.1.0.239):SA:0(-3.8/5.0):. Processed in 2.482289 secs Process 74622) Received: from unknown (HELO ?10.1.0.239?) (cmarlatt@rxsec.com@10.1.0.239) by core.rxsec.com with SMTP; 21 Oct 2008 17:28:08 -0000 Message-ID: <48FE1394.7000700@rxsec.com> Date: Tue, 21 Oct 2008 13:38:28 -0400 From: Chris Marlatt Organization: Receive Security User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: Rajkumar S References: <64de5c8b0810210918x38c9d6e7u5244b7dbdc13c8b3@mail.gmail.com> In-Reply-To: <64de5c8b0810210918x38c9d6e7u5244b7dbdc13c8b3@mail.gmail.com> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: pf and 10g NICs X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Oct 2008 18:05:24 -0000 Rajkumar S wrote: > Hi, > > Recently Vyatta had a press release about it's software (Linux) able > to route 10gbps traffic. That got me curious as to the maximum > throughput pf can sustain with a 10G NIC. Any one with any links of > tests/benchmarks done?? I know the number of rules have an impact on > throughput (amongst lot of other factors), but numbers like 10G looks > great on press releases and in proposals, even if it's done > with just a single pass rule :) > > raj There is a huge difference between routing at 10Gb/s and filtering at 10Gb/s. I'd be willing to bet their performance with features enabled and filtering (acl's) is significantly less than advertised. To answer your question though. There is a lot of information in the archives relating to pps performance and ipfw/pf. Fairly detailed accounts of what was achieved. I would suggest searching there for more information. Regards, Chris