On Fri, 11 May 2007, Todor Dragnev wrote:

Hello list,

I have about 4000 users behind NAT. I use ipnat (ipf) on a single FreeBSD box
(v6.2) to translate RFC1918 IP addresses to real ones.

All works fine, but my CPU usage is very high and the router starts to drop
packets and sometimes freezes.
I fixed the freeze problem with POLLING, but CPU usage is still very high.

Throughput on one interface is about 200Mbit/s, but next month I will need
more speed to pass through this box and I am looking for a better solution.

What is the throughput limit that I can expect from FreeBSD in this
situation?

Does anyone on the list have experience with large NAT tables?
Is it time to switch to Cisco or something similar - any suggestions?

There is a comparison of ip-filter and packet filter here

http://www.benzedrine.cx/pf-paper.html

Rather old now, but as I understand, pf does a better job when tables grow large when filtering is stateful.

Cheers, Erik

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions