ipfw meets netmap (6.5 Mpps in userspace)
Luigi Rizzo
rizzo at iet.unipi.it
Mon Aug 13 12:49:24 UTC 2012
On Mon, Aug 13, 2012 at 02:42:43PM +0200, Olivier Cochard-Labb? wrote:
> On Mon, Aug 13, 2012 at 1:17 PM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:
> > I just finished a netmap-enabled version of ipfw/dummynet, which
> > runs in userspace and is able to process over 6 million packets per
> > second (Mpps) with simple rulesets, and over 2.2 Mpps through
> > dummynet pipes (tested on an i7-3400 connected to VALE ports;
> > VALE is a software switch part of netmap).
>
> Hi,
>
> Reading the README file: "Real packet I/O is possible using netmap",
> Can we use it for high-speed firewalling among real NICs now?
>
> Can you confirm that we just need:
> 1. An up-to-date FreeBSD -current (build from source synced the
> 2012-08-03 mininum) with netmap module loaded;
> 2. netmap compliant NICs (ixgbe, e1000 or re);
> 3. compile, configure and start ipfw-user.
>
> Can ipfw-user be directly connected to two netmap-enabled NICs in
> place of vale switches->netmap bridge->NIC ?
yes to all three (though i have not tried yet as i do not have
access to 10G hardware now, vale ports behave exactly the same
as a real card).
Whoever feels like trying, performance numbers are welcome.
I'll prepare a picobsd image with all the tools shortly.
cheers
luigi
>
> Olivier
More information about the freebsd-net
mailing list