From owner-freebsd-net@FreeBSD.ORG  Fri Feb 10 20:55:27 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 07D0516A420
	for <freebsd-net@freebsd.org>; Fri, 10 Feb 2006 20:55:27 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from a50.ironport.com (a50.ironport.com [63.251.108.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA92E43D48
	for <freebsd-net@freebsd.org>; Fri, 10 Feb 2006 20:55:26 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from unknown (HELO [10.251.23.146]) ([10.251.23.146])
	by a50.ironport.com with ESMTP; 10 Feb 2006 12:55:24 -0800
Message-ID: <43ECFDBD.3020606@elischer.org>
Date: Fri, 10 Feb 2006 12:55:25 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
	rv:1.7.11) Gecko/20050727
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Marcos Bedinelli <bedinelli@madhaus.cns.utoronto.ca>
References: <7bb8f24157080b6aaacb897a99259df9@madhaus.cns.utoronto.ca>	<43ECB1E7.8010308@mac.com>
	<711b7ec873f31bc5be50ce477313fac3@madhaus.cns.utoronto.ca>
	<43ECEF7C.2090101@elischer.org>
	<b9265a86721e4c9dec1e86423ebcd267@madhaus.cns.utoronto.ca>
In-Reply-To: <b9265a86721e4c9dec1e86423ebcd267@madhaus.cns.utoronto.ca>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: Network performance in a dual CPU system
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2006 20:55:27 -0000

Marcos Bedinelli wrote:

> Hi Julian,
>
>
> On 10-Feb-06, at 14:54, Julian Elischer wrote:
>
>> I have found that most people can optimise there ipfw rulests 
>> considerably.
>>
>> for example: a first rule of:
>> 1 allow ip from any to any in recv {inside interfacfe}
>> 2 allow ip from any to any out xmit {inside interface}
>> will cut your ipfw load by 50% immediatly.
>> (you should only be filterring on one interface usually)
>>
>> use 'skipto' rules to immediatly send incoming and outgoing data to 
>> different rules sets.
>>
>> etc.
>> (I you want to privatly send me your ruleset I can probably help you 
>> do this)
>>
>> julian
>
>
>
> Thank you very much for your input and kind offer.
>
> Not long ago I removed the entire ruleset on that machine and the 
> impact was minimal (i.e., CPU utilization was still above 98%).


yes but throughput probably went up ;-)

>
>
> Nevertheless, I am sure my ruleset can benefit from some polishing. I 
> would like to take the liberty of writing to you in the future to 
> exchange some ideas, provided you have no objections.


whenever you are would like to ..

>
> Thanks!
>
> -- 
> Marcos