On Wed, Sep 10, 2003 at 03:26:15PM -0300, Alejandro G. Belluscio wrote: > First about the benchmarks. Are those with current versions? Because > I've seen those graph since 3.0 and they apear very alike. I was > wondering if there was some comparison between 3.0 and 3.3, for example.
They are the same graphs, from the Usenix talk. It would be very interesting to see updated graphs, but I didn't have time yet to repeat the entire benchmark. > The other point on the benchmarks was why wasn't stateful filtering > tested with the iptables code? I know that it should be called > pseudostateful filtering but... Besides on the page 30 it seems to imply > quite a bit more efficient than ipf with high load, and yet the graph on > slide 28 might imply the opposite. Slide 30 is based on Henning's production results, switching from 2.9 with ipf to 3.0 with pf. Slide 28 is the result of the benchmark on different hardware (and based on artificial testing data, described in the paper on http://www.benzedrine.cx/pf-paper.html). One possible explanation would be that Henning, with better hardware, is operating in the left-side area of slide 29, where pf is faster. > I was intrigued on how was the multi default routes support on KAME. > Do they have a paper on it? I'm not aware of a paper, try googling for "multipath routing kame". At one point, there was a patch in the kame tree, but I think it is no longer maintained. > Is it a 3.5 planned feature, a 3.6 > (i.e. post hackatlon) or a "we still don't know how are we going to > avoid the Cisco patent"? The latter, I don't know how to do it in a way that cleary avoids patent issues. It's also a large chunk of work, and I don't have large chunks of spare time coming up. I guess that means waiting for inspiration or contributions, and adding it if and when it appears. Daniel
