From owner-freebsd-questions  Tue Nov 14 23:40: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id 4908E37B4C5
	for <freebsd-questions@FreeBSD.ORG>; Tue, 14 Nov 2000 23:39:58 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.0/8.11.0) id eAF7dc736692;
	Wed, 15 Nov 2000 09:39:38 +0200 (EET)
	(envelope-from ru)
Date: Wed, 15 Nov 2000 09:39:38 +0200
From: Ruslan Ermilov <ru@sunbay.com>
To: sanjeev singh <remraf@hobbiton.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd limiting download speed?
Message-ID: <20001115093938.A36400@sunbay.com>
Mail-Followup-To: sanjeev singh <remraf@hobbiton.org>,
	freebsd-questions@FreeBSD.ORG
References: <Pine.BSO.4.21.0011141717490.22743-100000@thorin>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSO.4.21.0011141717490.22743-100000@thorin>; from remraf@hobbiton.org on Tue, Nov 14, 2000 at 05:20:01PM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Nov 14, 2000 at 05:20:01PM -0600, sanjeev singh wrote:
> 
>  Hello,
> 
>  I recently set up an ipfw+natd machine (FreeBSD 3.5.1R) for sharing my =
>  cable connection.  Unfortunately, natd appears to be limiting the =
>  maximum bandwidth available!
> 
This is because natd(8) is a userspace solution, and every packet is copied
twice, first from kernel space to user space, and then back from user space
to kernel space.

>  Using netperf, I have established that I can get up to just under 4mbps =
>  with natd enabled, and 4.3mbps with it disabled.  This might not look =
>  like a big deal, except that in the former case, my CPU is fully loaded =
>  whereas in the latter it's only at 50%!
> 
>  Also, when testing high speed downloads (from netscape.com), I get the =
>  following results:
>  Download speed: ~350+KB/s
>  CPU States: 50-60% system, ~35% interrupt and <10% idle
>  natd takes up 80% of WCPU and CPU
> 
>  My firewall machine is a 486/66 (32MB Ram) with an NE2K and a Dec DE =
>  201.  Are these results in the ballpark or could I have configured =
>  something wrong?
> 
>  If these results are in the ballpark, what can I do to improve the =
>  situation (short of upgrading my firewall machine)?  Is there a more =
>  CPU-efficient version of natd available?  Should I try ipfilter/ipnat?
> 
You decide :-)

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message