From: Cypher Wu
To: Luigi Rizzo
Cc: freebsd-ipfw@freebsd.org
Date: Sat, 12 Sep 2009 21:42:20 +0800
Subject: Re: Is there any one who can give me some opinions about the performance bout IPFW?

Thanks. I'll keep an eye on the page you mentioned. Right now it seems the link at the end of it only shows some performance on Dummynet.

The platform I'm using works very differently compared to the usual platform we are using. It is running an embedded Linux, but for the high-speed network interface it supplies a way to get Ethernet directly from the interface driver to user space with zero copy, and with no stack needed.

The reason I'm trying IPFW is that it can be used directly at the Ethernet layer, with only a single checkpoint. Thus I can 'create' an mbuf packet using the buffer I've got from the interface driver and pass it into ipfw_chk. So what I care about is the performance of IPFW itself.

On Sat, Sep 12, 2009 at 9:15 PM, Luigi Rizzo wrote:
> On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote:
>> 1. How many rules configured.
>> 2. The general traffic supported.
>> 3. Hardware platform.
>> .......
>>
>> I'm thinking to port IPFW to another platform which can support up to
>> 10GbE traffic bidirectional and running in user node, any advice will
>> be appreciated.
>
> i am not entirely clear on what you want to do or know
> but at the end of the dummynet page
>
>     http://info.iet.unipi.it/~luigi/dummynet/
>
> there are also some papers (and more data should come in the next
> couple of weeks) measuring the performance of ipfw.
>
> On a 2 GHz machine the ipfw overhead alone is 200-500ns per
> entry in the firewall, plus another 50ns per rule, and another
> 30-50ns per additional microinstruction.
>
> Most of the overhead comes from the rest of the protocol stack;
> between receive, network stack demux and transmit you can easily
> consume between 1.5 and 6-7us per packet on the same hardware,
> depending on the OS and driver.
>
> cheers
> luigi
>