From owner-freebsd-net@FreeBSD.ORG  Mon Aug 13 12:49:24 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0498D106566B
	for <net@freebsd.org>; Mon, 13 Aug 2012 12:49:24 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238])
	by mx1.freebsd.org (Postfix) with ESMTP id B47DF8FC0A
	for <net@freebsd.org>; Mon, 13 Aug 2012 12:49:23 +0000 (UTC)
Received: by onelab2.iet.unipi.it (Postfix, from userid 275)
	id 1DE087300A; Mon, 13 Aug 2012 15:08:17 +0200 (CEST)
Date: Mon, 13 Aug 2012 15:08:17 +0200
From: Luigi Rizzo <rizzo@iet.unipi.it>
To: Olivier Cochard-Labb? <olivier@cochard.me>
Message-ID: <20120813130817.GB80897@onelab2.iet.unipi.it>
References: <20120813111722.GA79347@onelab2.iet.unipi.it>
	<CA+q+TcqCG9sGH5aZwQvpc77Yi1XBTMXJr7QdADySX7iBOQH9YA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+q+TcqCG9sGH5aZwQvpc77Yi1XBTMXJr7QdADySX7iBOQH9YA@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: net@freebsd.org
Subject: Re: ipfw meets netmap (6.5 Mpps in userspace)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Aug 2012 12:49:24 -0000

On Mon, Aug 13, 2012 at 02:42:43PM +0200, Olivier Cochard-Labb? wrote:
> On Mon, Aug 13, 2012 at 1:17 PM, Luigi Rizzo <rizzo@iet.unipi.it> wrote:
> > I just finished a netmap-enabled version of ipfw/dummynet, which
> > runs in userspace and is able to process over 6 million packets per
> > second (Mpps) with simple rulesets, and over 2.2 Mpps through
> > dummynet pipes (tested on an i7-3400 connected to VALE ports;
> > VALE is a software switch part of netmap).
> 
> Hi,
> 
> Reading the README file: "Real packet I/O is possible using netmap",
> Can we use it for high-speed firewalling among real NICs now?
> 
> Can you confirm that we just need:
> 1. An up-to-date FreeBSD -current (build from source synced the
> 2012-08-03 mininum) with netmap module loaded;
> 2. netmap compliant NICs (ixgbe, e1000 or re);
> 3. compile, configure and start ipfw-user.
> 
> Can ipfw-user be directly connected to two netmap-enabled NICs in
> place of vale switches->netmap bridge->NIC ?

yes to all three (though i have not tried yet as i do not have
access to 10G hardware now, vale ports behave exactly the same
as a real card).
Whoever feels like trying, performance numbers are welcome.
I'll prepare a picobsd image with all the tools shortly.

cheers
luigi

> 
> Olivier