From owner-freebsd-current@FreeBSD.ORG Wed Aug 16 09:49:58 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB87616A4E0 for ; Wed, 16 Aug 2006 09:49:58 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail24.syd.optusnet.com.au (mail24.syd.optusnet.com.au [211.29.133.165]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB8EE43D6A for ; Wed, 16 Aug 2006 09:49:50 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail24.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id k7G9njrW025668 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 16 Aug 2006 19:49:48 +1000 Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.6/8.13.6) with ESMTP id k7G9nixf001085; Wed, 16 Aug 2006 19:49:44 +1000 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.6/8.13.6/Submit) id k7G9niIJ001084; Wed, 16 Aug 2006 19:49:44 +1000 (EST) (envelope-from peter) Date: Wed, 16 Aug 2006 19:49:44 +1000 From: Peter Jeremy To: Bachilo Dmitry Message-ID: <20060816094944.GC820@turion.vk2pj.dyndns.org> References: <200608151627.37828.root@solink.ru> <20060815130002.M45647@fledge.watson.org> <200608160959.23100.root@solink.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sHrvAb52M6C8blB9" Content-Disposition: inline In-Reply-To: <200608160959.23100.root@solink.ru> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.12-2006-07-14 Cc: freebsd-current@freebsd.org Subject: Re: throughput and interrupts X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 09:49:58 -0000 --sHrvAb52M6C8blB9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, 2006-Aug-16 09:59:22 +0700, Bachilo Dmitry wrote: >Oh, it's natd. Now I see, but I just don't get it. I know that natd is not= =20 >efficient but, as I've said, at home I have 9 or almost 10 MB/sec through = the=20 >natd, while at this particular server I see only 3,7 MB maximum. I've trie= d=20 >now to turn all the natting off and tried to download a file and got like = 9=20 >MB/sec, so it is natd who loads the system up. natd runs in userland so every packet has to be pushed out to userland, processed and pushed back into the kernel. The vast majority of the overhead is the userland/kernel transition so natd gives you a basically fixed pps rate. Your throughput will vary depending on the packet size. >Someone advised me to use pf or ipnat, but I never did that before and hea= rd=20 >that this nats have some limitations (like ipnat can't translate icmp pack= ets=20 >or something). Some time ago, I switched from natd to ipnat at work because the overhead was getting too much. (I've also switched hardware so I can't give you direct performance comparisons). I have found some problems with IPfilter in -stable when combining ipfilter/ipnat, stateful filtering and conditional NATing (ie a packet to B gets NAT'd to C only if it came from A). (The same combination works in IPfilter 3.x on Solaris.) Normal filtering and NATing works OK. --=20 Peter Jeremy --sHrvAb52M6C8blB9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFE4uo4/opHv/APuIcRAmC4AKCjjwxa5vtniaGmYJnatNt85qerewCfTdc9 35JP6/GA+Il1Gl3MaYXHSMQ= =byFE -----END PGP SIGNATURE----- --sHrvAb52M6C8blB9--