Network performance in a dual CPU system
Marcos Bedinelli
bedinelli at madhaus.cns.utoronto.ca
Fri Feb 10 12:22:51 PST 2006
Hi Julian,
On 10-Feb-06, at 14:54, Julian Elischer wrote:
> I have found that most people can optimise there ipfw rulests
> considerably.
>
> for example: a first rule of:
> 1 allow ip from any to any in recv {inside interfacfe}
> 2 allow ip from any to any out xmit {inside interface}
> will cut your ipfw load by 50% immediatly.
> (you should only be filterring on one interface usually)
>
> use 'skipto' rules to immediatly send incoming and outgoing data to
> different rules sets.
>
> etc.
> (I you want to privatly send me your ruleset I can probably help you
> do this)
>
> julian
Thank you very much for your input and kind offer.
Not long ago I removed the entire ruleset on that machine and the
impact was minimal (i.e., CPU utilization was still above 98%).
Nevertheless, I am sure my ruleset can benefit from some polishing. I
would like to take the liberty of writing to you in the future to
exchange some ideas, provided you have no objections.
Thanks!
--
Marcos
More information about the freebsd-net
mailing list