Date:      Fri, 10 Feb 2006 12:55:25 -0800
From:      Julian Elischer <julian@elischer.org>
To:        Marcos Bedinelli <bedinelli@madhaus.cns.utoronto.ca>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Network performance in a dual CPU system
Message-ID:  <43ECFDBD.3020606@elischer.org>
In-Reply-To: <b9265a86721e4c9dec1e86423ebcd267@madhaus.cns.utoronto.ca>
References:  <7bb8f24157080b6aaacb897a99259df9@madhaus.cns.utoronto.ca>	<43ECB1E7.8010308@mac.com> <711b7ec873f31bc5be50ce477313fac3@madhaus.cns.utoronto.ca> <43ECEF7C.2090101@elischer.org> <b9265a86721e4c9dec1e86423ebcd267@madhaus.cns.utoronto.ca>

Marcos Bedinelli wrote:

> Hi Julian,
>
>
> On 10-Feb-06, at 14:54, Julian Elischer wrote:
>
>> I have found that most people can optimise their ipfw rulesets 
>> considerably.
>>
>> for example: a first rule of:
>> 1 allow ip from any to any in recv {inside interface}
>> 2 allow ip from any to any out xmit {inside interface}
>> will cut your ipfw load by 50% immediately.
>> (you should only be filtering on one interface usually)
>>
>> use 'skipto' rules to immediately send incoming and outgoing data to 
>> different rule sets.
>>
>> etc.
>> (If you want to privately send me your ruleset I can probably help you 
>> do this)
>>
>> julian
>
>
>
> Thank you very much for your input and kind offer.
>
> Not long ago I removed the entire ruleset on that machine and the 
> impact was minimal (i.e., CPU utilization was still above 98%).


yes but throughput probably went up ;-)

>
>
> Nevertheless, I am sure my ruleset can benefit from some polishing. I 
> would like to take the liberty of writing to you in the future to 
> exchange some ideas, provided you have no objections.


whenever you would like to ..

>
> Thanks!
>
> -- 
> Marcos
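
The arithmetic behind the quoted ruleset advice, as an added example that is not part of the original message: a toy first-match evaluator in Python (not ipfw itself) that counts how many rules a forwarded packet is checked against. The interface names em0/em1, the rule numbers and the 40 deny rules are constructed assumptions.

```python
# Added example: toy first-match evaluator, not ipfw itself.
# Interface names, rule numbers and filter rules are constructed.
INSIDE, OUTSIDE = "em1", "em0"

def rule(num, action, direction=None, iface=None, dport=None, target=None):
    return dict(num=num, action=action, direction=direction,
                iface=iface, dport=dport, target=target)

def matches(r, p):
    # A field left as None in the rule matches any packet value.
    return all(r[k] is None or r[k] == p[k] for k in ("direction", "iface", "dport"))

def evaluate(ruleset, p):
    """Return (verdict, rules_examined) for one pass through the ruleset."""
    examined, i = 0, 0
    while i < len(ruleset):
        r = ruleset[i]
        examined += 1
        if not matches(r, p):
            i += 1
        elif r["action"] == "skipto":
            # Continue at the first rule numbered >= the skipto target.
            i = next((j for j, x in enumerate(ruleset) if x["num"] >= r["target"]), len(ruleset))
        else:
            return r["action"], examined
    return "deny", examined  # nothing matched: modelled as default deny

def filters(start, direction):
    # 20 constructed deny rules on the outside interface, one per blocked port.
    return [rule(start + n, "deny", direction, OUTSIDE, dport=6000 + n) for n in range(20)]

FLAT = filters(100, "in") + filters(200, "out") + [rule(65000, "allow")]

TUNED = ([rule(1, "allow", "in", INSIDE),    # rule 1 from the message
          rule(2, "allow", "out", INSIDE),   # rule 2 from the message
          rule(3, "skipto", "in", OUTSIDE, target=1000),
          rule(4, "skipto", "out", OUTSIDE, target=2000)]
         + filters(1000, "in") + [rule(1900, "allow", "in", OUTSIDE)]
         + filters(2000, "out") + [rule(65000, "allow")])
FAST_PATH = TUNED[:2] + FLAT  # only the two inside-interface rules added

def forwarded_cost(ruleset, dport=80):
    # A packet routed inside -> outside is checked on receive and on transmit.
    passes = [dict(direction="in", iface=INSIDE, dport=dport),
              dict(direction="out", iface=OUTSIDE, dport=dport)]
    results = [evaluate(ruleset, p) for p in passes]
    return [v for v, _ in results], sum(n for _, n in results)

if __name__ == "__main__":
    for name, rs in (("flat", FLAT), ("fast path", FAST_PATH), ("tuned", TUNED)):
        print(name, forwarded_cost(rs))
```

With these constructed rule counts, the two early allow rules take a forwarded packet from 82 rule checks to 44, and the skipto split takes it to 26, with the same verdicts in every case.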



