From owner-freebsd-questions@FreeBSD.ORG Mon Feb 15 01:56:16 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 12E081065679 for ; Mon, 15 Feb 2010 01:56:16 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-ew0-f211.google.com (mail-ew0-f211.google.com [209.85.219.211]) by mx1.freebsd.org (Postfix) with ESMTP id 9B08C8FC13 for ; Mon, 15 Feb 2010 01:56:15 +0000 (UTC) Received: by ewy3 with SMTP id 3so4654269ewy.13 for ; Sun, 14 Feb 2010 17:56:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=RIOVU/BR9ZDgzFxwONqRfdhx9mo39qeQJDv9KF6SVhk=; b=fcIOsMl1qoS04UHIo/NMwrIcQML5aB0bI5oaxRYd/Xkpv2j3TRu5YyUkTdA5ELHpFk IFRPuARuZfnYkMHGqGJzmHxXGLMyDAW+VG21FBzQnFr0NzJMB4t/uGq5WYAFsZTPG5Rv 9ddoHr2ftyL1F7C2s7wAnggZyPxIITHoN55tc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=opnV3qt8MrUDxUPrYiJmMjhu1oza/p5chH2+N4YkMqZl7x+2tyz1aUrQltqWpk/H3c MHcPKFpaPBn7wXFZkYYdmKtysFZ51AD/tcgtbRCYcixQ54os88I8nKpC+Q88qMkE3uWt +udUtc2uKcN74XN5AIA4RrpOsOWYN2mdmh598= MIME-Version: 1.0 Received: by 10.213.76.65 with SMTP id b1mr677204ebk.49.1266198974531; Sun, 14 Feb 2010 17:56:14 -0800 (PST) In-Reply-To: <20100214161855.06d3d5451f83c4ebc8f77ad593ef1f45.525f4ce7ed.wbe@email06.secureserver.net> References: <20100214161855.06d3d5451f83c4ebc8f77ad593ef1f45.525f4ce7ed.wbe@email06.secureserver.net> Date: Sun, 14 Feb 2010 19:56:14 -0600 Message-ID: <179b97fb1002141756u32629c21qc32dc488e1048823@mail.gmail.com> From: Brandon Gooch To: cio@opsylon.com Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org Subject: Re: Maximum Static NAT sessions under FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Feb 2010 01:56:16 -0000 On Sun, Feb 14, 2010 at 5:18 PM, wrote: > > =A0 Hello, > > =A0 I was wondering if anyone could t ell me what is the maximum number > =A0 of static IP NAT sessions FreeBSD can sup port and what are the > =A0 limiting factors (memory, bus speed, software release , forks, etc)? > > =A0 Kind regards, > > =A0 < div> > > =A0 David Bennett I'm statically NAT-ting 1024 addresses using the in-kernel NAT via ipfw. I increased NAT_BUF_LEN in sys/netinet/ip_fw.h from 1024 to 65536 to accommodate the number of rules. Performance is good; I'm also using dummynet to throttle bandwidth for each IP. I don't know enough about FreeBSD's internals to give you info on performance or limiting factors, although I suppose you want a reasonably powerful CPU (especially if you're using dummynet), but memory doesn't seem to be a problem: last pid: 42109; load averages: 0.97, 0.98, 0.84 up 163+06:11:06 20:3= 3:51 32 processes: 1 running, 31 sleeping CPU: 0.2% user, 0.0% nice, 50.4% system, 21.6% interrupt, 27.8% idle Mem: 45M Active, 662M Inact, 203M Wired, 5152K Cache, 111M Buf, 81M Free Swap: 2048M Total, 2048M Free It's on a 45 Mbit DS3 (symmetric). The top(1) output above is at about 10 Mbits Rx and 6 Mbits Tx on the box. -Brandon