On Thu, 19 Mar 2020 14:33:34 +0300
Lev Serebryakov wrote:
> On 19.03.2020 7:14, Neel Chauhan wrote:
>
> > However, if you know, where in the code does libalias use only 4096
> > buckets? I want to know incase I want/have to switch back to IPFW.
> 4096 is my mistake, it is 4001 and must be
On 19.03.2020 7:14, Neel Chauhan wrote:
> However, if you know, where in the code does libalias use only 4096
> buckets? I want to know incase I want/have to switch back to IPFW.
4096 is my mistake, it is 4001 and must be prime. It is here:
sys/netinet/libalias/alias_local.h:69-70:
#define
19.03.2020 18:19, Lev Serebryakov wrote:
>> Don't you think that now as ipfw nat builds libalias in kernel context,
>> it could scale with maxusers (sys/systm.h) ?
>>
>> Something like (4001 + (maxusers-32)*8) so it grows with amount of physical
>> memory
>> and is kept small for low-memory
On 19.03.2020 9:42, Eugene Grosbein wrote:
>>> I’d expect both ipfw and pf to happily saturate gigabit links with NAT,
>>> even on quite modest hardware.
>>> Are you sure the NAT code is the bottleneck?
>> ipfw nat is very slow, really. There are many reasons, and one of them
>> (easy fixable,
19.03.2020 13:42, Eugene Grosbein wrote:
> It's really 4001 that is (and sould be) prime number.
If we decide to auto-tune this, here is small table of prime numbers to stick
with:
4001
8011
12011
16001
24001
32003
48017
64007
___
18.03.2020 21:25, Lev Serebryakov wrote:
> On 18.03.2020 9:17, Kristof Provost wrote:
>
>>> Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I
>>> am dealing with 1000s of concurrent connections but
>>> browsing-level-bandwidth at once with Tor.
>>>
>> I’d expect both
Thanks for telling me this.
I switched to PF and it performs better.
However, if you know, where in the code does libalias use only 4096
buckets? I want to know incase I want/have to switch back to IPFW.
-Neel
On 2020-03-18 07:25, Lev Serebryakov wrote:
On 18.03.2020 9:17, Kristof Provost
On 18.03.2020 9:17, Kristof Provost wrote:
>> Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I
>> am dealing with 1000s of concurrent connections but browsing-level-bandwidth
>> at once with Tor.
>>
> I’d expect both ipfw and pf to happily saturate gigabit links with
> On 18 Mar 2020, at 13:31, Neel Chauhan wrote:
>
> Hi freebsd-net@ mailing list,
>
> Right now, my firewall is a HP T730 thin client (with a Dell Broadcom 5720
> PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G"
> in the Seattle area, and I have the Gigabit plan.
Hi freebsd-net@ mailing list,
Right now, my firewall is a HP T730 thin client (with a Dell Broadcom
5720 PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is
"Wave G" in the Seattle area, and I have the Gigabit plan.
Speedtests usually give me 700 Mbps down/900 Mbps up, and
10 matches
Mail list logo
