Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 14 Aug 2009 14:55:19 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Tom Uffner <tom@uffner.com>
Cc:        pf@freebsd.org, current@freebsd.org
Subject:   Re: packet forwarding/firewall performance question
Message-ID:  <alpine.BSF.2.00.0908141452040.82989@fledge.watson.org>
In-Reply-To: <4A8484E4.6090504@uffner.com>
References:  <4A8484E4.6090504@uffner.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Thu, 13 Aug 2009, Tom Uffner wrote:

> i'm hoping a few people will give me estimates on what kind of throughput i 
> should theoretically expect before i provide any actual test data.
>
> also, any suggestions on tuning would be welcome.
>
> so far in preliminary tests, enabling polling on the network interfaces
> reduces my performance slightly both to/from and through the box.
> net.inet.ip.fastforwarding doesn't seem to make much difference either
> way but i haven't done very thorough testing of it. increasing
> net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not
> sufficiently tested.

I can't speak to absolute numbers, but I wouldn't expect net.inet.tcp.* 
changes to make any difference, as they should affect only locally terminated 
sockets on the firewall host, not forwarded packets.

You might want to try experimenting with net.isr.direct -- try setting it to 
0, as this changes the kernel dispatch model for the network stack.  On a UP 
box, I would probably anticipate a performance loss for making that change, or 
similar configuration changes for multiple netisr threads using 
net.isr.maxthreads.

If you're using firewall code, fast forwarding is unlikely to make a 
difference.  Depending on the cache/memory/CPU trade-off, you might find 
turning off flowtable support helps -- net.inet.flowtable.enable=0.

Robert N M Watson
Computer Laboratory
University of Cambridge



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0908141452040.82989>