Date: Mon, 19 Jul 2010 09:19:12 +0000 (UTC) From: Vadim Goncharov <vadim_nuclight@mail.ru> To: freebsd-performance@freebsd.org Subject: Re: pf nat & ipfw kernel nat & ng_nat - what uses less computer resources? Message-ID: <slrni4864g.2bj1.vadim_nuclight@kernblitz.nuclight.avtf.net> References: <28778099.post@talk.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Nikol@y! On Fri, 4 Jun 2010 03:19:41 -0700 (PDT); Nikol@y wrote about 'pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?': > We have a network. Now we are using pf NAT. But we are interested in some > question: > 1. What type of NAT uses less computer resources? > a) pf NAT > b) ipfw kernel NAT > c) NG_NAT ? AFAIK, ipfw nat uses slightly less resources than ng_nat (not significant), and pf uses more reosurces than two others. > 2. BINAT or NAT - what is better? Which one of them is more faster and uses > less computer resources with one of firewall? In theory I think that BINAT > faster than NAT, because there is no necessary to track connections. Not in implementation, it always does. > 3. I know that the firewall PF does not support threads. I read that IPFW is > (in FreeBSD 8.0, for example). But in my test I haven`t seen threads when > used IPFW. Maybe there are some special options to compile kernel or > configure IPFW? For tests I compiled kernel with: There are no special threads for ipfw, it runs in the context of other threads (driver, netisr or swi1, depending on settings and compile options). > 4. I can`t find any information about BINAT in ipfw+ng_nat? Does anyone use > this technology? Or maybe you know interesting information about it? It is no "so binat" as in pf, but it can be emulated. Read these: man natd man libalias man ng_nat and use redirect_address (all three use the same underlying libalias, so even for different implementations techniques are valid). -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrni4864g.2bj1.vadim_nuclight>