Date: Thu, 01 Apr 1999 18:36:22 GMT From: jbg@masterplan.org (Jason George) To: freebsd-isp@freebsd.org Subject: Re: IPFW performance impact? Message-ID: <199904011836.LAA01347@gongshow.masterplan.org>
next in thread | raw e-mail | index | archive | help
> >> Right now, i've got close to 2MB out, and 1MB in, with two fxp0 cards, >> and a pretty heavy ruleset (40 rules, that most packets have to pass >> through all of them). >> >> last pid: 26211; load averages: 0.00, 0.00, 0.00 >> 13 processes: 1 running, 12 sleeping >> CPU states: 0.0% user, 0.0% nice, 0.0% system, 6.6% interrupt, 93.4% idle >> >> >> This is on a P/200. > >How much traffic do you have going through at the time you posted this? >This data would be more meaningful if, say, you we're doing an FTP or dump >to a machine just on the other side, so you had lots of traffic. If it's >idle, then it doesn't really matter how many rules or how much you've >got--it'd be as idle on a 386-16. > Exactly. I have a 386-16 routing a 2Mbit SDSL line, a 386-25 routing a 10Mbit cable modem and a 386-33 routing a 1.5M/640k RADSL line line. Each has ~20 rules. I can easily sustain the maximum throughput on the WAN connections with an acceptable CPU impact, even running address translation. Running NAT on the SDSL line, full WAN saturation occurs at the expense of about 50% CPU utilization on the 386-16. Being a glutton for punishment, I run sendmail, qpopper, INN and samba. Nominal throughput on the cable modem system is about 640k, and the 386-25 does a bang-up job. For edge routers providing point-to-point connections, a low-end PC is fine. Multiple (>2) interface systems with complex routing and heavier traffic and firewall rule-matching patterns will really begin to tax low-end hardware. --Jason j.b.george<at>ieee.org jbg<at>masterplan.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904011836.LAA01347>