From owner-freebsd-questions Thu Nov 30 23: 7:23 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hobbiton.org (thorin.hobbiton.org [216.161.236.98]) by hub.freebsd.org (Postfix) with ESMTP id 5227C37B400 for ; Thu, 30 Nov 2000 23:07:18 -0800 (PST) Received: from localhost (remraf@localhost) by hobbiton.org (8.10.1/8.10.1) with ESMTP id eB171Nb26726; Fri, 1 Dec 2000 01:01:31 -0600 (CST) Date: Fri, 1 Dec 2000 01:01:23 -0600 (CST) From: sanjeev singh X-Sender: remraf@thorin To: Ruslan Ermilov Cc: freebsd-questions@FreeBSD.ORG Subject: Re: natd limiting download speed? In-Reply-To: <20001115093938.A36400@sunbay.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG hi Ruslan, I tried using ipfilter/ipnat in place of ipfw/natd and got much better performance: ~40% idle cycles during a 4mbps netperf test (as opposed to ~0% idle cycles with natd). Got similar results under a NAT'd download. So, for the record, (at least on 486s) ipfilter/ipnat appears to be almost twice as fast as ipfw/natd. thanks for the tip, - jeev On Wed, 15 Nov 2000, Ruslan Ermilov wrote: > On Tue, Nov 14, 2000 at 05:20:01PM -0600, sanjeev singh wrote: > > > > Hello, > > > > I recently set up an ipfw+natd machine (FreeBSD 3.5.1R) for sharing my = > > cable connection. Unfortunately, natd appears to be limiting the = > > maximum bandwidth available! > > > This is because natd(8) is a userspace solution, and every packet is copied > twice, first from kernel space to user space, and then back from user space > to kernel space. > > > Using netperf, I have established that I can get up to just under 4mbps = > > with natd enabled, and 4.3mbps with it disabled. This might not look = > > like a big deal, except that in the former case, my CPU is fully loaded = > > whereas in the latter it's only at 50%! > > > > Also, when testing high speed downloads (from netscape.com), I get the = > > following results: > > Download speed: ~350+KB/s > > CPU States: 50-60% system, ~35% interrupt and <10% idle > > natd takes up 80% of WCPU and CPU > > > > My firewall machine is a 486/66 (32MB Ram) with an NE2K and a Dec DE = > > 201. Are these results in the ballpark or could I have configured = > > something wrong? > > > > If these results are in the ballpark, what can I do to improve the = > > situation (short of upgrading my firewall machine)? Is there a more = > > CPU-efficient version of natd available? Should I try ipfilter/ipnat? > > > You decide :-) > > -- > Ruslan Ermilov Oracle Developer/DBA, > ru@sunbay.com Sunbay Software AG, > ru@FreeBSD.org FreeBSD committer, > +380.652.512.251 Simferopol, Ukraine > > http://www.FreeBSD.org The Power To Serve > http://www.oracle.com Enabling The Information Age > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message