Date: Sun, 9 Jan 2000 03:04:18 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: jdp@polstra.com (John Polstra)
Cc: death@southcom.com.au, current@FreeBSD.ORG
Subject: Re: 4.0 slower than 3.4?
Message-ID: <200001091104.DAA18695@gndrsh.dnsmgr.net>
In-Reply-To: <200001090359.TAA63459@vashon.polstra.com> from John Polstra at "Jan 8, 2000 07:59:32 pm"
> In article <4.2.2.20000109021927.00dba250@mail.southcom.com.au>,
> james <death@southcom.com.au> wrote:
>
> > It's interesting though how I had no ipf rules whatsoever, yet it
> > introduced so much latency, as Alexander has pointed out in another email.
> > Why is ipf so slow? I was planning on switching from ipfw/natd to
> > ipf/ipnat, but I don't think I want to now - considering it's so darn slow.
>
> If you want to do NAT, I can tell you without even trying it that
> ipfilter's NAT will be much faster than natd's. With natd, every
> packet has to go out from the kernel to userland and back to have its
> headers rewritten. That's a lot of overhead. Not so with ipfilter --
> it's all done inside the kernel.

Think SMP, think lots of high speed NICs, think about multiple divert
rules to separate natd's, think about the one big kernel lock and then
think about your answer again :-)

(Yes, I know latency will always be slightly longer, but overall
throughput can be significantly higher when packets are passed over the
kernel/user interface due to the big giant kernel lock.)

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net