From owner-freebsd-ipfw@FreeBSD.ORG  Sat Sep 12 13:09:15 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 47B35106566C
	for <freebsd-ipfw@freebsd.org>; Sat, 12 Sep 2009 13:09:15 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238])
	by mx1.freebsd.org (Postfix) with ESMTP id 0BF8D8FC13
	for <freebsd-ipfw@freebsd.org>; Sat, 12 Sep 2009 13:09:14 +0000 (UTC)
Received: by onelab2.iet.unipi.it (Postfix, from userid 275)
	id CE21773106; Sat, 12 Sep 2009 15:15:16 +0200 (CEST)
Date: Sat, 12 Sep 2009 15:15:16 +0200
From: Luigi Rizzo <rizzo@iet.unipi.it>
To: Cypher Wu <cypher.w@gmail.com>
Message-ID: <20090912131516.GB46135@onelab2.iet.unipi.it>
References: <f9f38a550909120005q36f46646g49a28bd4f73536b9@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <f9f38a550909120005q36f46646g49a28bd4f73536b9@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Is there any one who can give me some opinions about the
	performance bout IPFW?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Sep 2009 13:09:15 -0000

On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote:
> 1. How many rules configured.
> 2. The general traffic supported.
> 3. Hardware platform.
> .......
> 
> I'm thinking to port IPFW to another platform which can support up to
> 10GbE traffic bidirectional and running in user node, any advise will
> be appreciated.

i am not entirely clear on what you want to do or know
but at the end of the dummynet page

	http://info.iet.unipi.it/~luigi/dummynet/

there are also some papers (and more data should come in the next
couple of weeks) measuring the performance of ipfw.

On a 2 GHz machine the ipfw overhead alone is 200-500ns per
entry in the firewall, plus another 50ns per rule, and another
30-50ns per additional microinstruction.

Most of the overhead comes from the rest of the protocol stack;
between receive, network stack demux and transmit you can easily
consume between 1.5 and 6-7us per packet on the same hardware,
depending on the OS and driver.

cheers
luigi