Date: Tue, 25 Oct 2011 11:36:47 -0400 From: Karim <fodillemlinkarim@gmail.com> To: freebsd-ipfw@freebsd.org Subject: ipfw rule processing performances Message-ID: <4EA6D78F.6010607@gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all, I am using ipfw with a fairly small amount of rules (~200). Most of those are skipto rules to different blocking and pass-through blocks. I use ipfw tags, ALTQ, nat, fwd and several deny and allow rules and I do not use/need tables. What I find is around 400Mbps of traffic (~40kpps) an extremely high amount of cpu usage related to firewall processing. What I would like to know is if there is an ongoing work to optimise ipfw and/or gather ideas on how to do that. I realise my question has a large scope but I am not interested in optimizing my ruleset I'd like to get a feel for how code wise the current processing could be optimized (using multiple input TX/RX queues for example, etc...). Thanks, Karim.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EA6D78F.6010607>