Re: SOLVED [was: firewall is very slow, something's wrong]

2007-10-17 Thread Henning Brauer
* Florin Andrei [EMAIL PROTECTED] [2007-10-17 00:16]: HOLY SH*T! I tried 4.2. It rocks! Just the first test that I tried after installing it: - switched gigabit network - web server behind 1:1 NATing firewall - firewall is AMD64 X2 2.4GHz - downloading 2GB file via HTTP through the firewall

SOLVED [was: firewall is very slow, something's wrong]

2007-10-16 Thread Florin Andrei
Florin Andrei wrote: ## Huge performance improvements in the network stack, including: * In pf, store routing table ID, queue ID etc directly in the packet header mbuf instead of using mbuf tags (which use malloc'd memory). This yields a 100% improvement in pf performance.

Re: SOLVED [was: firewall is very slow, something's wrong]

2007-10-16 Thread James Hartley
On 10/16/07, Florin Andrei [EMAIL PROTECTED] wrote: - flooding the firewall with small UDP packets, random source IPs, generated as fast as my workstation (AMD64 X2 6400, Intel Pro/1000 PCI Express card, Linux Fedora 7, running the kernel-level pktgen packet generator which is very fast) can

Re: SOLVED [was: firewall is very slow, something's wrong]

2007-10-16 Thread Stuart Henderson
On 2007/10/16 15:27, James Hartley wrote: On 10/16/07, Florin Andrei [EMAIL PROTECTED] wrote: - flooding the firewall with small UDP packets, random source IPs, generated as fast as my workstation (AMD64 X2 6400, Intel Pro/1000 PCI Express card, Linux Fedora 7, running the kernel-level

Re: SOLVED [was: firewall is very slow, something's wrong]

2007-10-16 Thread Florin Andrei
Stuart Henderson wrote: On 2007/10/16 15:27, James Hartley wrote: Secondly, does anyone on the mailing list know of an OpenBSD equivalent to pktgen? Not in-kernel, but netblast from the netrate package is somewhat useful. If anybody has a same-hardware performance comparison between pktgen

Re: firewall is very slow, something's wrong

2007-10-10 Thread Henning Brauer
* Florin Andrei [EMAIL PROTECTED] [2007-10-09 22:54]: Henning Brauer wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't

Re: firewall is very slow, something's wrong

2007-10-10 Thread Siju George
On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in

Re: firewall is very slow, something's wrong

2007-10-10 Thread Henning Brauer
* Siju George [EMAIL PROTECTED] [2007-10-10 15:10]: On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the

Re: firewall is very slow, something's wrong

2007-10-10 Thread Peter N. M. Hansteen
Henning Brauer [EMAIL PROTECTED] writes: so you think a 20 ton truck is twice as fast as a 10 ton truck? horizontal or vertical motion? assuming a perfectly spherical truck? -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/

Re: firewall is very slow, something's wrong

2007-10-10 Thread Robert C Wittig
Siju George wrote: I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( 64 bit processors (combined with 64 bit capable operating systems) have the ability to address more RAM than

Re: firewall is very slow, something's wrong

2007-10-10 Thread Paul de Weerd
On Wed, Oct 10, 2007 at 09:24:25AM -0500, Robert C Wittig wrote: | Siju George wrote: | | I thought by running an amd64 kernel will get me twice the speed than | an i386 on an amd64 machine since one is 64 bit processing and the | other is just 32 bit :-( | | | 64 bit processors (combined with 64

Re: firewall is very slow, something's wrong

2007-10-10 Thread Jon Radel
Robert C Wittig wrote: 64 bit processors (combined with 64 bit capable operating systems) have the ability to address more RAM than 32 bit processors because 64^2 is a much larger number than 32^2... lots more RAM addresses). The increase from 2^32 to 2^64 is even more impressive. ;-) --Jon

Re: firewall is very slow, something's wrong

2007-10-10 Thread Tony Abernethy
Robert C Wittig wrote: Siju George wrote: I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( 64 bit processors (combined with 64 bit capable operating systems) have

Re: firewall is very slow, something's wrong

2007-10-10 Thread Siju George
On 10/10/07, Henning Brauer [EMAIL PROTECTED] wrote: * Siju George [EMAIL PROTECTED] [2007-10-10 15:10]: On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for

Re: firewall is very slow, something's wrong

2007-10-10 Thread Scott Wells
And is it in a vacuum? Peter N. M. Hansteen wrote: Henning Brauer [EMAIL PROTECTED] writes: so you think a 20 ton truck is twice as fast as a 10 ton truck? horizontal or vertical motion? assuming a perfectly spherical truck?

Re: firewall is very slow, something's wrong

2007-10-10 Thread Tony Abernethy
Siju George wrote: snip so you think a 20 ton truck is twice as fast as a 10 ton truck? O.K I get it :-) So when does changing from 32 bit to a 64-bit processor actually help? Quoting Paul de Weerd, In short: There is no short answer. It depends on what you're doing. ( Not to mention how you

Re: firewall is very slow, something's wrong

2007-10-10 Thread Stuart Henderson
On 2007/10/10 11:20, Tony Abernethy wrote: Siju George wrote: snip so you think a 20 ton truck is twice as fast as a 10 ton truck? O.K I get it :-) So when does changing from 32 bit to a 64-bit processor actually help? Quoting Paul de Weerd, In short: There is no short answer. It

Re: firewall is very slow, something's wrong

2007-10-10 Thread Robert C Wittig
Paul de Weerd wrote: wittig wrote: | 64 bit processors (combined with 64 bit capable operating systems) have | the ability to address more RAM than 32 bit processors because 64^2 is a | much larger number than 32^2... lots more RAM addresses). Oops! that should have read: 2^64 and 2^32

Re: firewall is very slow, something's wrong

2007-10-10 Thread Paul de Weerd
On Wed, Oct 10, 2007 at 12:34:48PM -0500, Robert C Wittig wrote: | If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig | RAM and a 64 bit CPU, which would be a better choice, in general? There is no such generalization. The amount of RAM you need depends on the task. For

Re: firewall is very slow, something's wrong

2007-10-10 Thread Ted Unangst
On 10/10/07, Robert C Wittig [EMAIL PROTECTED] wrote: If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig RAM and a 64 bit CPU, which would be a better choice, in general? 64-bit and 1 GB. it's much easier to add another GB RAM later than to add 32-bits.

Re: firewall is very slow, something's wrong

2007-10-10 Thread Henning Brauer
* Robert C Wittig [EMAIL PROTECTED] [2007-10-10 20:45]: If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig RAM and a 64 bit CPU, which would be a better choice, in general? for a packet filter/router/...? 32bit 2Gig and take a gig out. for a database server? 64bit and add

Re: firewall is very slow, something's wrong

2007-10-09 Thread Henning Brauer
* Florin Andrei [EMAIL PROTECTED] [2007-10-05 03:55]: The hardware is AMD64, Tyan Transport, 2 CPUs 2 cores each. I am using the SMP kernel. The network card is Intel Pro/1000 PCI Express 4x dual gigabit port, it carries both em0 and em1. First, you want to run 4.2 or -current, that should

Re: firewall is very slow, something's wrong

2007-10-09 Thread Florin Andrei
Henning Brauer wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in some time so it might not even be true

Re: firewall is very slow, something's wrong

2007-10-08 Thread Florin Andrei
Stuart Henderson wrote: On 2007/10/04 17:48, Florin Andrei wrote: All firewall rules are written as stateless as possible - I don't need stateful filtering, the setup is very simple (allow HTTP inbound, allow a few ICMP types, and that's it). congestion 116169

Re: firewall is very slow, something's wrong

2007-10-08 Thread Florin Andrei
Florin Andrei wrote: I expected OpenBSD 4.1 to do better. But the thing is, even without the UDP flood, the OpenBSD firewall is very slow. I am downloading a huge file through it, via HTTP, and all I get is 4 Mbyte / sec. With Linux I get 112 Mbyte / sec. Something's wrong. Or I'm doing

Re: firewall is very slow, something's wrong

2007-10-08 Thread knitti
On 10/8/07, Florin Andrei [EMAIL PROTECTED] wrote: I still can't match the performance I get from Linux. Any suggestion is appreciated. there were in the past postings on this list about problems with quad-port em NICs. I am absolutely not in a position to tell whether they are relevant for

Re: firewall is very slow, something's wrong

2007-10-08 Thread Florin Andrei
knitti wrote: there were in the past postings on this list about problems with quad-port em NICs. I am absolutely not in a position to tell whether they are relevant for this situation. If I remember correctly, there was a problem with TCP checksum offloading, and a suggested fix in one

Re: firewall is very slow, something's wrong

2007-10-08 Thread Karsten McMinn
On 10/8/07, Florin Andrei [EMAIL PROTECTED] wrote: snip The UDP flood still freezes the system solid (but I discovered that the system clock continues to work more or less fine, it's just the text console and the firewall that are not responsive). I still can't match the performance I get

Re: firewall is very slow, something's wrong

2007-10-07 Thread Claudio Jeker
On Thu, Oct 04, 2007 at 05:48:50PM -0700, Florin Andrei wrote: Dual-homed firewall, web server on the private network, firewall is doing 1:1 NAT for the web server to the public interface of the firewall. em0 is the public interface, em1 is the private one. In the exact same setup (same

Re: firewall is very slow, something's wrong

2007-10-05 Thread Stuart Henderson
On 2007/10/04 17:48, Florin Andrei wrote: All firewall rules are written as stateless as possible - I don't need stateful filtering, the setup is very simple (allow HTTP inbound, allow a few ICMP types, and that's it). You might want to re-think this, stateless rulesets are usually slower.

firewall is very slow, something's wrong

2007-10-04 Thread Florin Andrei
Dual-homed firewall, web server on the private network, firewall is doing 1:1 NAT for the web server to the public interface of the firewall. em0 is the public interface, em1 is the private one. In the exact same setup (same hardware even) I am comparing Linux and OpenBSD for a firewall.