From owner-freebsd-ipfw@FreeBSD.ORG  Thu Mar 27 17:37:39 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4F7D21065672
	for <freebsd-ipfw@freebsd.org>; Thu, 27 Mar 2008 17:37:39 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.freebsd.org (Postfix) with ESMTP id B78338FC25
	for <freebsd-ipfw@freebsd.org>; Thu, 27 Mar 2008 17:37:38 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: (qmail 27041 invoked from network); 27 Mar 2008 16:20:24 -0000
Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47])
	(envelope-sender <andre@freebsd.org>)
	by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
	for <rwatson@FreeBSD.org>; 27 Mar 2008 16:20:24 -0000
Message-ID: <47EBD520.8050305@freebsd.org>
Date: Thu, 27 Mar 2008 18:10:56 +0100
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.8b) Gecko/20050217
MIME-Version: 1.0
To: Robert Watson <rwatson@FreeBSD.org>
References: <slrnfud9lu.1rus.vadim_nuclight@hostel.avtf.net>	<47E79636.1000909@FreeBSD.org>
	<47E7EAA8.7020101@elischer.org>	<ea7b9c170803250203l6e3769ablcba65df6c1f5a4b6@mail.gmail.com>
	<20080325094400.I6905@fledge.watson.org>
In-Reply-To: <20080325094400.I6905@fledge.watson.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Sepherosa Ziehau <sepherosa@gmail.com>, freebsd-hackers@freebsd.org,
	araujo@freebsd.org, vadim_nuclight@mail.ru,
	freebsd-ipfw@freebsd.org, Julian Elischer <julian@elischer.org>
Subject: Re: [HEADS UP!] IPFW Ideas: possible SoC 2008 candidate
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2008 17:37:39 -0000

Robert Watson wrote:
> 
> On Tue, 25 Mar 2008, Sepherosa Ziehau wrote:
> 
>> On Tue, Mar 25, 2008 at 1:53 AM, Julian Elischer <julian@elischer.org> 
>> wrote:
>>
>>>  3/ possibly keeping per CPU stats..
>>
>>
>> This probably is the trickest part, not difficult for non-fastforward 
>> case. But if fastforward is enabled, I could only imagine full 
>> cross-cpu states duplication.
> 
> 
> FWIW, there is decreasing difference between IP fast forwarding and 
> regular IP processing in FreeBSD 7.x, as we perform direct dispatch by 
> default, so it's not just the fast forward case where full input 
> parallelism is possible for the firewall, and parallel firewall 
> processing has occurred for output since 5.3.

The regular forwarding path still does a (partial) copy of each packet
it forwards.  This is done for the ICMP redirect functionality.  Additionally
it has a much larger I-cache footprint due to the full ip_input(), ip_forward()
and ip_output() functions being executed.  Yes, the delta is shrinking but
still quite big.  I think regular forwarding still hits the wall at around
300-350kpps whereas fastforward can do 500kpps up to 1mpps with a good hardware
base.

-- 
Andre