From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 9 15:02:15 2012 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 742531065674; Sat, 9 Jun 2012 15:02:15 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 2D9188FC17; Sat, 9 Jun 2012 15:02:14 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id E5A947300B; Sat, 9 Jun 2012 17:21:01 +0200 (CEST) Date: Sat, 9 Jun 2012 17:21:01 +0200 From: Luigi Rizzo To: "Alexander V. Chernikov" Message-ID: <20120609152101.GA39170@onelab2.iet.unipi.it> References: <4FD3224A.3080700@FreeBSD.org> <4FD3352F.5060007@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4FD3352F.5060007@FreeBSD.org> User-Agent: Mutt/1.4.2.3i Cc: freebsd-net@freebsd.org, Sami Halabi , freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 15:02:15 -0000 On Sat, Jun 09, 2012 at 03:36:15PM +0400, Alexander V. Chernikov wrote: > On 09.06.2012 15:19, Sami Halabi wrote: > >Hi, > >all rules togther less than 80 rules.... > However, it is too much. > You should reduce this to 10 rules or less (at least for main traffic flow). you should definitely try hard to use tablearg or similar tricks to reduce the number of rules traversed. A couple of years ago we did some detailed measurement of the cost of the various operations, see "Dummynet revisited" and "An emulation tool for PlanetLab" at http://info.iet.unipi.it/~luigi/research.html cheers luigi