Date: Sat, 9 Jun 2012 17:21:01 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: "Alexander V. Chernikov" <melifaro@freebsd.org> Cc: freebsd-net@freebsd.org, Sami Halabi <sodynet1@gmail.com>, freebsd-ipfw@freebsd.org Subject: Re: ipfw rules consuming CPU Message-ID: <20120609152101.GA39170@onelab2.iet.unipi.it> In-Reply-To: <4FD3352F.5060007@FreeBSD.org> References: <CAEW%2BogZyzX6Witnx_TN0bhpygpQYb0E8xEPt8HpCFYj6yUeSRA@mail.gmail.com> <4FD3224A.3080700@FreeBSD.org> <CAEW%2BogZhDxkydL9fMUXVdPVfe2AU=UOMg=7TaZKA0tdMxWWNOA@mail.gmail.com> <4FD3352F.5060007@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 09, 2012 at 03:36:15PM +0400, Alexander V. Chernikov wrote: > On 09.06.2012 15:19, Sami Halabi wrote: > >Hi, > >all rules togther less than 80 rules.... > However, it is too much. > You should reduce this to 10 rules or less (at least for main traffic flow). you should definitely try hard to use tablearg or similar tricks to reduce the number of rules traversed. A couple of years ago we did some detailed measurement of the cost of the various operations, see "Dummynet revisited" and "An emulation tool for PlanetLab" at http://info.iet.unipi.it/~luigi/research.html cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120609152101.GA39170>