Is there any one who can give me some opinions about the
performance bout IPFW?
Luigi Rizzo
rizzo at iet.unipi.it
Sat Sep 12 13:09:15 UTC 2009
On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote:
> 1. How many rules configured.
> 2. The general traffic supported.
> 3. Hardware platform.
> .......
>
> I'm thinking to port IPFW to another platform which can support up to
> 10GbE traffic bidirectional and running in user node, any advise will
> be appreciated.
i am not entirely clear on what you want to do or know
but at the end of the dummynet page
http://info.iet.unipi.it/~luigi/dummynet/
there are also some papers (and more data should come in the next
couple of weeks) measuring the performance of ipfw.
On a 2 GHz machine the ipfw overhead alone is 200-500ns per
entry in the firewall, plus another 50ns per rule, and another
30-50ns per additional microinstruction.
Most of the overhead comes from the rest of the protocol stack;
between receive, network stack demux and transmit you can easily
consume between 1.5 and 6-7us per packet on the same hardware,
depending on the OS and driver.
cheers
luigi
More information about the freebsd-ipfw
mailing list