On Tue, Dec 27, 2011 at 03:00:47PM +0100, Pawel Tyll wrote:
IPFW seems to add more or less constant overhead per rule. In our setup,
~20 rules increase load by 100% (one core). We are able to reach 10GE
(1.1mpps) on some routers with most packets travelling 8-10 ipfw rules.
However, even
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can run.
If I understand correctly, this would require netmap to catch every
packet from interfaces
On 27.12.2011 04:54, Pawel Tyll wrote:
Hi lists,
Are there any profiling tools in the system or ports that would allow
me to determine how much processing is being done per packet and how
long does it take? I would like to predict possible PPS load for my
system and perhaps locate and
IPFW seems to add more or less constant overhead per rule. In our setup,
~20 rules increase load by 100% (one core). We are able to reach 10GE
(1.1mpps) on some routers with most packets travelling 8-10 ipfw rules.
However, even with ipfw add 1 allow ip from any to any
1.1 mpps routing
On Tue, Dec 27, 2011 at 03:18:04PM +0100, Pawel Tyll wrote:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can run.
If I understand correctly,
a 1500-byte frame is 12k bits so you need 830 Kpps
to saturate the 10G link in one direction (and say another 450 Kpps
as acks in the other direction).
Obviously, sorry. Didn't have enough sleep lately :)
___
freebsd-ipfw@freebsd.org mailing list
On 12/27/2011 6:36 AM, Alexander V. Chernikov wrote:
Is IPFW efficient enough to firewall 2x10GE (in+out) interfaces
without much latency increase, when running on modern hardware
with Intel NICs? Majority of processing tasks would probably be setfib
according to matches in
Mike Tancsa wrote:
On 12/27/2011 6:36 AM, Alexander V. Chernikov wrote:
Is IPFW efficient enough to firewall 2x10GE (in+out) interfaces
without much latency increase, when running on modern hardware
with Intel NICs? Majority of processing tasks would probably be setfib
Hello, Luigi.
You wrote 27 декабря 2011 г., 18:26:00:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can run.
I still don't understand why it should be
Hello, Adrian.
You wrote 28 декабря 2011 г., 10:04:13:
Maybe someone should write one and open source it this time.. :)
In presence of LLVM in the base, it looks, that we should generate
native code from IPFW bytecodes, without intermediate C code :)
Looks doeable!
--
// Black Lion AKA Lev
2011/12/27 Lev Serebryakov l...@freebsd.org:
Hello, Luigi.
You wrote 27 декабря 2011 г., 18:26:00:
plans, yes - not sure how long it will take. I have compiled
ipfw+dummynet as a standalone module (outside the kernel)
but have not yet hooked the code to netmap to figure out how fast
it can
11 matches
Mail list logo
