Date: Wed, 16 Aug 2006 19:49:44 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Bachilo Dmitry <root@solink.ru> Cc: freebsd-current@freebsd.org Subject: Re: throughput and interrupts Message-ID: <20060816094944.GC820@turion.vk2pj.dyndns.org> In-Reply-To: <200608160959.23100.root@solink.ru> References: <200608151627.37828.root@solink.ru> <20060815130002.M45647@fledge.watson.org> <200608160959.23100.root@solink.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--sHrvAb52M6C8blB9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 2006-Aug-16 09:59:22 +0700, Bachilo Dmitry wrote: >Oh, it's natd. Now I see, but I just don't get it. I know that natd is not= =20 >efficient but, as I've said, at home I have 9 or almost 10 MB/sec through = the=20 >natd, while at this particular server I see only 3,7 MB maximum. I've trie= d=20 >now to turn all the natting off and tried to download a file and got like = 9=20 >MB/sec, so it is natd who loads the system up. natd runs in userland so every packet has to be pushed out to userland, processed and pushed back into the kernel. The vast majority of the overhead is the userland/kernel transition so natd gives you a basically fixed pps rate. Your throughput will vary depending on the packet size. >Someone advised me to use pf or ipnat, but I never did that before and hea= rd=20 >that this nats have some limitations (like ipnat can't translate icmp pack= ets=20 >or something). Some time ago, I switched from natd to ipnat at work because the overhead was getting too much. (I've also switched hardware so I can't give you direct performance comparisons). I have found some problems with IPfilter in -stable when combining ipfilter/ipnat, stateful filtering and conditional NATing (ie a packet to B gets NAT'd to C only if it came from A). (The same combination works in IPfilter 3.x on Solaris.) Normal filtering and NATing works OK. --=20 Peter Jeremy --sHrvAb52M6C8blB9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFE4uo4/opHv/APuIcRAmC4AKCjjwxa5vtniaGmYJnatNt85qerewCfTdc9 35JP6/GA+Il1Gl3MaYXHSMQ= =byFE -----END PGP SIGNATURE----- --sHrvAb52M6C8blB9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060816094944.GC820>