From owner-freebsd-isp Thu Apr 1 10:37:18 1999 Delivered-To: freebsd-isp@freebsd.org Received: from gongshow.masterplan.org (masterplan.powersurfr.com [24.108.43.174]) by hub.freebsd.org (Postfix) with ESMTP id F2B8D14D03 for ; Thu, 1 Apr 1999 10:37:15 -0800 (PST) (envelope-from jbg@masterplan.org) Received: from axe.precident.com (axe.masterplan.org [192.168.4.6]) by gongshow.masterplan.org (8.8.8/8.8.8) with SMTP id LAA01347 for ; Thu, 1 Apr 1999 11:36:54 -0700 (MST) (envelope-from jbg@masterplan.org) Message-Id: <199904011836.LAA01347@gongshow.masterplan.org> From: jbg@masterplan.org (Jason George) To: freebsd-isp@freebsd.org Subject: Re: IPFW performance impact? Date: Thu, 01 Apr 1999 18:36:22 GMT Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >> Right now, i've got close to 2MB out, and 1MB in, with two fxp0 cards, >> and a pretty heavy ruleset (40 rules, that most packets have to pass >> through all of them). >> >> last pid: 26211; load averages: 0.00, 0.00, 0.00 >> 13 processes: 1 running, 12 sleeping >> CPU states: 0.0% user, 0.0% nice, 0.0% system, 6.6% interrupt, 93.4% idle >> >> >> This is on a P/200. > >How much traffic do you have going through at the time you posted this? >This data would be more meaningful if, say, you we're doing an FTP or dump >to a machine just on the other side, so you had lots of traffic. If it's >idle, then it doesn't really matter how many rules or how much you've >got--it'd be as idle on a 386-16. > Exactly. I have a 386-16 routing a 2Mbit SDSL line, a 386-25 routing a 10Mbit cable modem and a 386-33 routing a 1.5M/640k RADSL line line. Each has ~20 rules. I can easily sustain the maximum throughput on the WAN connections with an acceptable CPU impact, even running address translation. Running NAT on the SDSL line, full WAN saturation occurs at the expense of about 50% CPU utilization on the 386-16. Being a glutton for punishment, I run sendmail, qpopper, INN and samba. Nominal throughput on the cable modem system is about 640k, and the 386-25 does a bang-up job. For edge routers providing point-to-point connections, a low-end PC is fine. Multiple (>2) interface systems with complex routing and heavier traffic and firewall rule-matching patterns will really begin to tax low-end hardware. --Jason j.b.georgeieee.org jbgmasterplan.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message