Is there anyone who can give me some opinions about the performance of IPFW?

Cypher Wu cypher.w at gmail.com
Sat Sep 12 13:42:21 UTC 2009


Thanks.

I'll keep an eye on the page you said. Right now it seems the link at
the end of it only shows some performance on Dummynet.

The platform I'm using works in a very different way compared to the usual
platform we are using. It is running an embedded Linux, but for the
high-speed network interface it supplies a way to get Ethernet directly
from the interface driver to user space with zero copy, and no stack
needed. The reason I'm trying IPFW is that it can be used directly in the
Ethernet layer, with only a single checkpoint. Thus I can 'create' an
mbuf packet using the buffer I've got from the interface driver and pass
it into ipfw_chk. So what I care about is the performance of IPFW
itself.


On Sat, Sep 12, 2009 at 9:15 PM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
> On Sat, Sep 12, 2009 at 03:05:51PM +0800, Cypher Wu wrote:
>> 1. How many rules configured.
>> 2. The general traffic supported.
>> 3. Hardware platform.
>> .......
>>
>> I'm thinking of porting IPFW to another platform which can support up to
>> 10GbE traffic bidirectional and running in user node, any advice will
>> be appreciated.
>
> i am not entirely clear on what you want to do or know
> but at the end of the dummynet page
>
>        http://info.iet.unipi.it/~luigi/dummynet/
>
> there are also some papers (and more data should come in the next
> couple of weeks) measuring the performance of ipfw.
>
> On a 2 GHz machine the ipfw overhead alone is 200-500ns per
> entry in the firewall, plus another 50ns per rule, and another
> 30-50ns per additional microinstruction.
>
> Most of the overhead comes from the rest of the protocol stack;
> between receive, network stack demux and transmit you can easily
> consume between 1.5 and 6-7us per packet on the same hardware,
> depending on the OS and driver.
>
> cheers
> luigi
>
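
An added example, not part of the original thread: a per-packet time budget for one direction of 10GbE, set against the ipfw cost figures quoted above for a 2 GHz machine. The struct and function names, the 20-byte wire overhead, the even spread of additional microinstructions across rules, and ideal multi-core scaling are assumptions of this example.

```c
#include <stdio.h>

/* ipfw cost figures quoted in the thread for a 2 GHz machine, in ns. */
struct ipfw_cost { double entry_ns, rule_ns, uinstr_ns; };
static const struct ipfw_cost COST_LOW  = { 200.0, 50.0, 30.0 };
static const struct ipfw_cost COST_HIGH = { 500.0, 50.0, 50.0 };

/* Assumption: standard Ethernet framing, 8 B preamble/SFD + 12 B inter-frame gap. */
#define WIRE_OVERHEAD_BYTES 20

/* Time between back-to-back frames in one direction: bits / (Gbit/s) = ns. */
double pkt_budget_ns(double gbps, int frame_bytes) {
    return (frame_bytes + WIRE_OVERHEAD_BYTES) * 8.0 / gbps;
}

/* Assumed reading of the figures: every traversed rule carries the same
 * number of additional microinstructions. */
double ipfw_cost_ns(const struct ipfw_cost *c, int rules, int extra_uinstr) {
    return c->entry_ns + rules * (c->rule_ns + extra_uinstr * c->uinstr_ns);
}

/* Rules one core can traverse per packet at line rate; -1 if the entry
 * overhead alone already exceeds the budget. */
int max_rules(const struct ipfw_cost *c, double budget_ns, int extra_uinstr) {
    double left = budget_ns - c->entry_ns;
    if (left < 0.0) return -1;
    return (int)(left / (c->rule_ns + extra_uinstr * c->uinstr_ns));
}

/* Cores needed for the ipfw work alone, assuming ideal parallel scaling. */
int cores_needed(const struct ipfw_cost *c, double budget_ns, int rules, int extra_uinstr) {
    double cost = ipfw_cost_ns(c, rules, extra_uinstr);
    int n = (int)(cost / budget_ns);
    return (n * budget_ns < cost) ? n + 1 : n;
}

int main(void) {
    const int frames[] = { 64, 512, 1518 };  /* constructed sample frame sizes */
    for (int i = 0; i < 3; i++) {
        double b = pkt_budget_ns(10.0, frames[i]);
        printf("%4d B: budget %7.1f ns, max rules %d..%d, cores for 10 rules %d..%d\n",
               frames[i], b, max_rules(&COST_HIGH, b, 1), max_rules(&COST_LOW, b, 0),
               cores_needed(&COST_LOW, b, 10, 0), cores_needed(&COST_HIGH, b, 10, 1));
    }
    return 0;
}
```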

