Date: Sat, 12 Sep 2009 15:15:16 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Cypher Wu <cypher.w@gmail.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Is there any one who can give me some opinions about the performance bout IPFW? Message-ID: <20090912131516.GB46135@onelab2.iet.unipi.it> In-Reply-To: <f9f38a550909120005q36f46646g49a28bd4f73536b9@mail.gmail.com> References: <f9f38a550909120005q36f46646g49a28bd4f73536b9@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote: > 1. How many rules configured. > 2. The general traffic supported. > 3. Hardware platform. > ....... > > I'm thinking to port IPFW to another platform which can support up to > 10GbE traffic bidirectional and running in user node, any advise will > be appreciated. i am not entirely clear on what you want to do or know but at the end of the dummynet page http://info.iet.unipi.it/~luigi/dummynet/ there are also some papers (and more data should come in the next couple of weeks) measuring the performance of ipfw. On a 2 GHz machine the ipfw overhead alone is 200-500ns per entry in the firewall, plus another 50ns per rule, and another 30-50ns per additional microinstruction. Most of the overhead comes from the rest of the protocol stack; between receive, network stack demux and transmit you can easily consume between 1.5 and 6-7us per packet on the same hardware, depending on the OS and driver. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090912131516.GB46135>