Date: Wed, 24 Apr 2013 14:10:58 +0200 From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: Sami Halabi <sodynet1@gmail.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org> Subject: Re: forwarding/ipfw/pf evolution (in pps) on -current Message-ID: <CA%2Bq%2BTcreMSc4q-YVaCxEsw=qkpLUwHa3SZ%2B4G%2BECjNQROp9qjw@mail.gmail.com> In-Reply-To: <CAEW%2BogY%2BOmtqS7S1OOHXL8LnYSur5nfpJnvi=aM6vjCKH124Hw@mail.gmail.com> References: <CA%2Bq%2BTcpghAtae7%2BuXehxP9%2BtNh1TiTzxOShDNkLt_xSrgoBGdA@mail.gmail.com> <CAEW%2BogY%2BOmtqS7S1OOHXL8LnYSur5nfpJnvi=aM6vjCKH124Hw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 24, 2013 at 1:46 PM, Sami Halabi <sodynet1@gmail.com> wrote: > Oliver, > Great and impressive job. Thanks, > 3. there some point of improved performance (without fw) that went down > again somewhere before Clang got prod. => Yes, I'm still working on detected the commit that create this degradation. > For now i would continue using ipfw :-) Don't use this bench for comparing pf and ipfw performance: Using the single parameter "small packet per second throughput" is not enough for comparing firewalls performance. If you read RFC3511 (Benchmarking Methodology for Firewall Performance) you will notice that we need to compare lot's more parameters like: - IP throughput - Concurrent TCP Connection Capacity - Maximum TCP Connection Establishment Rate - Maximum TCP Connection Tear Down Rate - Denial Of Service Handling - HTTP Transfer Rate - Maximum HTTP Transaction Rate - Illegal Traffic Handling - IP Fragmentation Handling - Latency - etc... And I want to add another: High availability feature like with pfsync :-) Regards, Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcreMSc4q-YVaCxEsw=qkpLUwHa3SZ%2B4G%2BECjNQROp9qjw>