From owner-freebsd-current Sat Jan 8 6:17:29 2000 Delivered-To: freebsd-current@freebsd.org Received: from radio.kabsi.at (mx.kabelsignal.at [195.202.129.3]) by hub.freebsd.org (Postfix) with ESMTP id 0366314F56 for ; Sat, 8 Jan 2000 06:17:22 -0800 (PST) (envelope-from entropy@kabsi.at) Received: from darkstar ([195.202.172.28]) by radio.kabsi.at (8.9.1/8.9.1) with SMTP id PAA04224 for ; Sat, 8 Jan 2000 15:17:12 +0100 From: "Alexander Sanda" To: Subject: RE: 4.0 slower than 3.4? Date: Sat, 8 Jan 2000 15:17:11 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-Mimeole: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Jason Young wrote: Saturday, January 08, 2000 9:02 AM > It probably isn't the best of all ideas to have BOTH IP firewalling > solutions installed and running at once. This will add some > overhead. Pick one and stick with it. And why do you have DUMMYNET > running? > > There is a new version of IPFilter in -CURRENT if I recall > correctly, and this may be related to your timing issues. Really > you ought to just take IPFILTER out of your configuration. To my understanding, both IPFW (ipfw.ko) and IPFILTER (ipl.ko) can be built as modules. I have made some lmbench tests and they show that ipfilter actually adds more latency than ipfw. Here are some lmbench results taken on a P3-500, -current (2 days old) First, plain (no module loaded): UDP latency using localhost: 65 microseconds TCP latency using localhost: 67 microseconds RPC/udp latency using localhost: 111 microseconds RPC/tcp latency using localhost: 139 microseconds TCP/IP connection cost to localhost: 119 microseconds Socket bandwidth using localhost: 71.97 MB/sec Now, ipl.ko loaded (ipfilter), no rulesets UDP latency using localhost: 80 microseconds TCP latency using localhost: 85 microseconds RPC/udp latency using localhost: 129 microseconds RPC/tcp latency using localhost: 155 microseconds TCP/IP connection cost to localhost: 145 microseconds Socket bandwidth using localhost: 67.72 MB/sec The following is for ipfw.ko loaded (default policy to accept, no other rules). UDP latency using localhost: 68 microseconds TCP latency using localhost: 73 microseconds RPC/udp latency using localhost: 115 microseconds RPC/tcp latency using localhost: 143 microseconds TCP/IP connection cost to localhost: 127 microseconds Socket bandwidth using localhost: 70.11 MB/sec And finally, both ipl.ko and ipfw.ko loaded (rather stupid imho, I think they're supposed to work as an either-or solution :) ). UDP latency using localhost: 84 microseconds TCP latency using localhost: 90 microseconds RPC/udp latency using localhost: 132 microseconds RPC/tcp latency using localhost: 160 microseconds TCP/IP connection cost to localhost: 152 microseconds Socket bandwidth using localhost: 66.04 MB/sec -- /"\ / \ / ASCII RIBBON CAMPAIGN / For every single problem you can X AGAINST HTML MAIL / find a solution, which is simple, / \ AND POSTINGS / neat and wrong. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message