From: Fabian Keil
To: freebsd-net@freebsd.org
Date: Sat, 21 Oct 2006 16:09:57 +0200
Subject: Re: Avoiding natd overhead

Chris Bowman wrote:

> I see this question come up now and then on the lists, so, I'll share
> what I've learned about natd and performance! First, if you're running
> natd on a processor which supports more functions than just a standard
> 386, i.e. a Pentium, Athlon, etc. Then I've found compiling natd with
> make flags for that processor, and with O3 optimizations will make your
> jaw drop in comparison to the default installed version of natd.

I've learned that if you care about NAT overhead you just don't use natd.

I run two jailed Tor nodes on an Intel Celeron 2.40GHz. With PF disabled
and NAT done with natd, natd uses something between 20 and 30% of the
CPU time.

With PF (filtering, NAT, queueing) enabled I don't see a measurable
increase of CPU usage at all.

I haven't tried recompiling natd with customized flags, but I doubt
that it helps enough to overlook the context switch penalty.

Fabian
-- 
http://www.fabiankeil.de/