Date: Mon, 13 Aug 2012 15:08:17 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Olivier Cochard-Labb? <olivier@cochard.me> Cc: net@freebsd.org Subject: Re: ipfw meets netmap (6.5 Mpps in userspace) Message-ID: <20120813130817.GB80897@onelab2.iet.unipi.it> In-Reply-To: <CA%2Bq%2BTcqCG9sGH5aZwQvpc77Yi1XBTMXJr7QdADySX7iBOQH9YA@mail.gmail.com> References: <20120813111722.GA79347@onelab2.iet.unipi.it> <CA%2Bq%2BTcqCG9sGH5aZwQvpc77Yi1XBTMXJr7QdADySX7iBOQH9YA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 13, 2012 at 02:42:43PM +0200, Olivier Cochard-Labb? wrote: > On Mon, Aug 13, 2012 at 1:17 PM, Luigi Rizzo <rizzo@iet.unipi.it> wrote: > > I just finished a netmap-enabled version of ipfw/dummynet, which > > runs in userspace and is able to process over 6 million packets per > > second (Mpps) with simple rulesets, and over 2.2 Mpps through > > dummynet pipes (tested on an i7-3400 connected to VALE ports; > > VALE is a software switch part of netmap). > > Hi, > > Reading the README file: "Real packet I/O is possible using netmap", > Can we use it for high-speed firewalling among real NICs now? > > Can you confirm that we just need: > 1. An up-to-date FreeBSD -current (build from source synced the > 2012-08-03 mininum) with netmap module loaded; > 2. netmap compliant NICs (ixgbe, e1000 or re); > 3. compile, configure and start ipfw-user. > > Can ipfw-user be directly connected to two netmap-enabled NICs in > place of vale switches->netmap bridge->NIC ? yes to all three (though i have not tried yet as i do not have access to 10G hardware now, vale ports behave exactly the same as a real card). Whoever feels like trying, performance numbers are welcome. I'll prepare a picobsd image with all the tools shortly. cheers luigi > > Olivier
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120813130817.GB80897>