From owner-freebsd-net@FreeBSD.ORG Mon Jun 21 23:35:12 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E70516A4CE for ; Mon, 21 Jun 2004 23:35:12 +0000 (GMT) Received: from multivac.fatburen.org (multivac.fatburen.org [212.247.27.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C96843D48 for ; Mon, 21 Jun 2004 23:35:11 +0000 (GMT) (envelope-from staffan@ulfberg.se) Received: from multivac.fatburen.org (localhost [127.0.0.1]) i5LNYqDE071299 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Jun 2004 01:34:52 +0200 (CEST) (envelope-from staffan@ulfberg.se) Received: (from staffanu@localhost) by multivac.fatburen.org (8.12.9p2/8.12.11/Submit) id i5LNYpxa071296; Tue, 22 Jun 2004 01:34:51 +0200 (CEST) (envelope-from staffan@ulfberg.se) Sender: staffan@ulfberg.se To: freebsd-net@freebsd.org References: <200406161646.49893.rneese@adelphia.net> <87zn73kmv9.fsf@multivac.fatburen.org> <20040617185902.GA24198@scylla.towardex.com> From: Staffan Ulfberg Date: 22 Jun 2004 01:34:51 +0200 In-Reply-To: <20040617185902.GA24198@scylla.towardex.com> Message-ID: <87oencjxic.fsf@multivac.fatburen.org> Lines: 25 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on multivac.fatburen.org cc: James Subject: Re: IPFW questions X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jun 2004 23:35:12 -0000 I've played around a bit more with my 300 MHz firewall now. Actually, even if I completely disable natd, and use only a single pass-all firewall rule, I can't get over about 30 MBps, at 2500 packets per second, through the machine. (I used netstat -i -b to measure traffic.) I tried the link0 option for both interfaces (fxp), which helped only slightly. (If anyone remembers the original post, I'm testing by transferring files from fxp1 to fxp3.) I also tried compiling a kernel with DEVICE_POLLING. At 500 Hz, routing performance is about the same as with normal interrupts, but with slightly better overall system response. Over that (tried 1000, 2000 Hz) and the system is very unresponsive and I believed it had hanged several times (but it hadn't). BTW, can anyone tell me why the system clock gets slowed down a factor of two or more when using DEVICE_POLLING? (And, of course, if there's a fix...) Is this machine simply too slow to use even as a simple router for 100 Mbps traffic? I must say I'm a bit surprised. Or any tuning suggestions? Staffan