Date: Fri, 1 Dec 2000 01:01:23 -0600 (CST) From: sanjeev singh <remraf@hobbiton.org> To: Ruslan Ermilov <ru@sunbay.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: natd limiting download speed? Message-ID: <Pine.BSO.4.21.0012010041300.13692-100000@thorin> In-Reply-To: <20001115093938.A36400@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi Ruslan, I tried using ipfilter/ipnat in place of ipfw/natd and got much better performance: ~40% idle cycles during a 4mbps netperf test (as opposed to ~0% idle cycles with natd). Got similar results under a NAT'd download. So, for the record, (at least on 486s) ipfilter/ipnat appears to be almost twice as fast as ipfw/natd. thanks for the tip, - jeev On Wed, 15 Nov 2000, Ruslan Ermilov wrote: > On Tue, Nov 14, 2000 at 05:20:01PM -0600, sanjeev singh wrote: > > > > Hello, > > > > I recently set up an ipfw+natd machine (FreeBSD 3.5.1R) for sharing my = > > cable connection. Unfortunately, natd appears to be limiting the = > > maximum bandwidth available! > > > This is because natd(8) is a userspace solution, and every packet is copied > twice, first from kernel space to user space, and then back from user space > to kernel space. > > > Using netperf, I have established that I can get up to just under 4mbps = > > with natd enabled, and 4.3mbps with it disabled. This might not look = > > like a big deal, except that in the former case, my CPU is fully loaded = > > whereas in the latter it's only at 50%! > > > > Also, when testing high speed downloads (from netscape.com), I get the = > > following results: > > Download speed: ~350+KB/s > > CPU States: 50-60% system, ~35% interrupt and <10% idle > > natd takes up 80% of WCPU and CPU > > > > My firewall machine is a 486/66 (32MB Ram) with an NE2K and a Dec DE = > > 201. Are these results in the ballpark or could I have configured = > > something wrong? > > > > If these results are in the ballpark, what can I do to improve the = > > situation (short of upgrading my firewall machine)? Is there a more = > > CPU-efficient version of natd available? Should I try ipfilter/ipnat? > > > You decide :-) > > -- > Ruslan Ermilov Oracle Developer/DBA, > ru@sunbay.com Sunbay Software AG, > ru@FreeBSD.org FreeBSD committer, > +380.652.512.251 Simferopol, Ukraine > > http://www.FreeBSD.org The Power To Serve > http://www.oracle.com Enabling The Information Age > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.21.0012010041300.13692-100000>