From owner-freebsd-current@FreeBSD.ORG  Wed Apr 24 12:11:19 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 4F078B7E;
 Wed, 24 Apr 2013 12:11:19 +0000 (UTC)
 (envelope-from cochard@gmail.com)
Received: from mail-ve0-x22e.google.com (mail-ve0-x22e.google.com
 [IPv6:2607:f8b0:400c:c01::22e])
 by mx1.freebsd.org (Postfix) with ESMTP id 00708113D;
 Wed, 24 Apr 2013 12:11:18 +0000 (UTC)
Received: by mail-ve0-f174.google.com with SMTP id b10so676942vea.5
 for <multiple recipients>; Wed, 24 Apr 2013 05:11:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=x-received:mime-version:sender:in-reply-to:references:from:date
 :x-google-sender-auth:message-id:subject:to:cc:content-type;
 bh=fnfxopM8170+F4mF4VYM/LWP7u5e3wVjnwZ6cvncPE8=;
 b=FZ7Sx5LQGuQHBjx5yLVrjFhyOAZSpuNUdv1yHSYA+oOfUJYEmzsMEV2K5zVUqLcNEv
 WOLElgSfCcS5elj9ct9dP+xMlm6blsT5QqDip/0Jcee+8yVk8obe1C1hn6IkKFvOjtsq
 ax6V6aXyMYexMA0pnENcuGIGM8RNBfmeJVeIl0do5ntbm9A1gFyzoijIU9QbyggQ+rKv
 Ocl20Fxbg9kqv9hO+36qjX2TSzLltClrWDIegAshnu0Tme+XAXPmy0CcBtGCgv/NUucs
 VxHxNlpCspwaHuEr+m3vnKXZhNfdVK9mgFFyIHbjc28I9loxMvqv17v9SHO3IwsK+jGV
 8n3w==
X-Received: by 10.59.11.199 with SMTP id ek7mr25203600ved.19.1366805478562;
 Wed, 24 Apr 2013 05:11:18 -0700 (PDT)
MIME-Version: 1.0
Sender: cochard@gmail.com
Received: by 10.59.9.103 with HTTP; Wed, 24 Apr 2013 05:10:58 -0700 (PDT)
In-Reply-To: <CAEW+ogY+OmtqS7S1OOHXL8LnYSur5nfpJnvi=aM6vjCKH124Hw@mail.gmail.com>
References: <CA+q+TcpghAtae7+uXehxP9+tNh1TiTzxOShDNkLt_xSrgoBGdA@mail.gmail.com>
 <CAEW+ogY+OmtqS7S1OOHXL8LnYSur5nfpJnvi=aM6vjCKH124Hw@mail.gmail.com>
From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me>
Date: Wed, 24 Apr 2013 14:10:58 +0200
X-Google-Sender-Auth: loOTZXIuqfsVXS_vOYDLgNy_bXM
Message-ID: <CA+q+TcreMSc4q-YVaCxEsw=qkpLUwHa3SZ+4G+ECjNQROp9qjw@mail.gmail.com>
Subject: Re: forwarding/ipfw/pf evolution (in pps) on -current
To: Sami Halabi <sodynet1@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2013 12:11:19 -0000

On Wed, Apr 24, 2013 at 1:46 PM, Sami Halabi <sodynet1@gmail.com> wrote:
> Oliver,
> Great and impressive job.

Thanks,

> 3. there some point of improved performance (without fw) that went down
> again somewhere before Clang got prod.

=> Yes, I'm still working on detected the commit that create this degradation.

> For now i would continue using ipfw :-)

Don't use this bench for comparing pf and ipfw performance: Using the
single parameter "small packet per second throughput" is not enough
for comparing firewalls performance.

If you read RFC3511 (Benchmarking Methodology for Firewall
Performance) you will notice that we need to compare lot's more
parameters like:
- IP throughput
- Concurrent TCP Connection Capacity
- Maximum TCP Connection Establishment Rate
- Maximum TCP Connection Tear Down Rate
- Denial Of Service Handling
- HTTP Transfer Rate
- Maximum HTTP Transaction Rate
- Illegal Traffic Handling
- IP Fragmentation Handling
- Latency
- etc...
And I want to add another: High availability feature like with pfsync :-)

Regards,

Olivier