Date:      Wed, 25 Mar 2009 01:07:35 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Cc:        Deomid Ryabkov <myself@rojer.pp.ru>
Subject:   Re: 8.0-CURRENT: having pf enabled without any rules impacts forwarding performance
Message-ID:  <200903250107.36160.max@love2party.net>
In-Reply-To: <49C96933.4030901@rojer.pp.ru>
References:  <49C96933.4030901@rojer.pp.ru>

On Wednesday 25 March 2009 00:13:55 Deomid Ryabkov wrote:
> i have a machine with nc running through it.
> with pf disabled, i see 960-970 mbit/s through it (as reported by systat
> -ifstat).
> just having pf enabled, with empty ruleset:
>
> # pfctl -vs nat
> # pfctl -vs rules
> #
>
> reduces throughput to about 700 mbit.
> this seems wrong. any ideas why this might be happening?

You have to search the (empty) ruleset for the (implicit) default "pass all" 
rule.  This is somewhat expensive.  Then there is the pf mutex (quite 
expensive) and the pfil rm_lock (not so much).  In addition the pf mutex is a 
single, global lock and thus reduces the opportunity for parallelism.

> OS: 8.0-CURRENT #0: Fri Feb 27 04:20:49 MSK 2009
>
> thanks.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News


