Date: Sat, 8 Jan 2000 15:17:11 +0100 From: "Alexander Sanda" <entropy@kabsi.at> To: <current@freebsd.org> Subject: RE: 4.0 slower than 3.4? Message-ID: <NDBBLKBFCKCJCKFEPIKJGEMDCEAA.entropy@kabsi.at> In-Reply-To: <ABD44D466F85D311A69900A0C900DB6BC5D5@staff.accessus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jason Young wrote:
Saturday, January 08, 2000 9:02 AM
> It probably isn't the best of all ideas to have BOTH IP firewalling
> solutions installed and running at once. This will add some
> overhead. Pick one and stick with it. And why do you have DUMMYNET
> running?
>
> There is a new version of IPFilter in -CURRENT if I recall
> correctly, and this may be related to your timing issues. Really
> you ought to just take IPFILTER out of your configuration.
To my understanding, both IPFW (ipfw.ko) and IPFILTER (ipl.ko) can be
built as modules.
I have made some lmbench tests and they show that ipfilter actually
adds more latency than ipfw.
Here are some lmbench results taken on a P3-500, -current (2 days
old)
First, plain (no module loaded):
UDP latency using localhost: 65 microseconds
TCP latency using localhost: 67 microseconds
RPC/udp latency using localhost: 111 microseconds
RPC/tcp latency using localhost: 139 microseconds
TCP/IP connection cost to localhost: 119 microseconds
Socket bandwidth using localhost: 71.97 MB/sec
Now, ipl.ko loaded (ipfilter), no rulesets
UDP latency using localhost: 80 microseconds
TCP latency using localhost: 85 microseconds
RPC/udp latency using localhost: 129 microseconds
RPC/tcp latency using localhost: 155 microseconds
TCP/IP connection cost to localhost: 145 microseconds
Socket bandwidth using localhost: 67.72 MB/sec
The following is for ipfw.ko loaded (default policy to accept,
no other rules).
UDP latency using localhost: 68 microseconds
TCP latency using localhost: 73 microseconds
RPC/udp latency using localhost: 115 microseconds
RPC/tcp latency using localhost: 143 microseconds
TCP/IP connection cost to localhost: 127 microseconds
Socket bandwidth using localhost: 70.11 MB/sec
And finally, both ipl.ko and ipfw.ko loaded (rather
stupid imho, I think they're supposed to work as an either-or
solution :) ).
UDP latency using localhost: 84 microseconds
TCP latency using localhost: 90 microseconds
RPC/udp latency using localhost: 132 microseconds
RPC/tcp latency using localhost: 160 microseconds
TCP/IP connection cost to localhost: 152 microseconds
Socket bandwidth using localhost: 66.04 MB/sec
--
/"\ /
\ / ASCII RIBBON CAMPAIGN / For every single problem you can
X AGAINST HTML MAIL / find a solution, which is simple,
/ \ AND POSTINGS / neat and wrong.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBLKBFCKCJCKFEPIKJGEMDCEAA.entropy>