From owner-freebsd-current  Sun Jan  9  3: 4:51 2000
Delivered-To: freebsd-current@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4])
	by hub.freebsd.org (Postfix) with ESMTP id 4CE1F151D1
	for <current@FreeBSD.ORG>; Sun,  9 Jan 2000 03:04:39 -0800 (PST)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost)
	by gndrsh.dnsmgr.net (8.9.3/8.9.3) id DAA18695;
	Sun, 9 Jan 2000 03:04:19 -0800 (PST)
	(envelope-from freebsd)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Message-Id: <200001091104.DAA18695@gndrsh.dnsmgr.net>
Subject: Re: 4.0 slower than 3.4?
In-Reply-To: <200001090359.TAA63459@vashon.polstra.com> from John Polstra at "Jan 8, 2000 07:59:32 pm"
To: jdp@polstra.com (John Polstra)
Date: Sun, 9 Jan 2000 03:04:18 -0800 (PST)
Cc: death@southcom.com.au, current@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> In article <4.2.2.20000109021927.00dba250@mail.southcom.com.au>,
> james  <death@southcom.com.au> wrote:
> 
> > It's interesting though how i had no ipf rules whatsoever, yet it 
> > introduced so much latency, as Alexander has pointed out in another email. 
> > Why is ipf so slow? I was planning on switching from ipfw/natd to 
> > ipf/ipnat, but i don't think i want to now - considering it's so darn slow.
> 
> If you want to do NAT, I can tell you without even trying it that
> ipfilter's NAT will be much faster than natd's.  With natd, every
> packet has to go out from the kernel to userland and back to have its
> headers rewritten.  That's a lot of overhead.  Not so with ipfilter --
> it's all done inside the kernel.

Think SMP, think lots of high speed NIC's, think about multiple divert
rules to seperate natd's, think about the one big kernel lock and then
think about your answer again :-)

(Yes, I know latency will always be slightly longer, but overall
through put can be signficantly higher when packets are passed over
the kernel/user interface due to the big giant kernel lock.)

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message