Date: Sat, 21 Oct 2006 16:09:57 +0200 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: freebsd-net@freebsd.org Subject: Re: Avoiding natd overhead Message-ID: <20061021160957.13cceaeb@localhost> In-Reply-To: <453A20B5.9010108@austin.rr.com> References: <200610210648.AAA01737@lariat.net> <453A20B5.9010108@austin.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_ilQuS=KB0VqxiwlYuoXMJ/k Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Chris Bowman <chrishome@austin.rr.com> wrote: > I see this question come up now and then on the lists, so, I'll share=20 > what I've learned about natd and performance! First, if your running=20 > natd on a processor which supports more functions than just a standard=20 > 386, ie a Pentium, Athlon, etc. Then I've found compiling natd with=20 > make flags for that processor, and with O3 optimizations will make your=20 > jaw drop in comparison to the default installed version of natd. I've learned that if you care about NAT overhead you just don't use natd. I run two jailed Tor nodes on a Intel Celeron 2.40GHz. With PF disabled and NAT done with natd, natd uses something between 20 and 30% of the cpu time. With PF (filtering, NAT, queueing) enabled I don't see a measurable increase of cpu usage at all. I haven't tried recompiling natd with customized flags, but I doubt that it helps enough to overlook the context switch penalty. Fabian --=20 http://www.fabiankeil.de/ --Sig_ilQuS=KB0VqxiwlYuoXMJ/k Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFOio/BYqIVf93VJ0RAoikAJ0Qdswoo2ahiZ57vmKJHp8frZn+YgCeM/gI StNziirBpJ2IBA2/VSE/Oxg= =QLgn -----END PGP SIGNATURE----- --Sig_ilQuS=KB0VqxiwlYuoXMJ/k--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061021160957.13cceaeb>