packet forwarding/firewall performance question

Tom Uffner tom at uffner.com
Thu Aug 13 22:04:18 UTC 2009


I am curious what level of performance I should expect from the
firewall box described below in terms of packets/sec and bytes/sec.

it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface
and 20 Mb/s symmetric Fios on the outside. both interfaces are 100 Mb/s.
it is running sshd, bsnmpd, sendmail (outbound only), bind9 (serving
local domain info & queries from 5-15 machines on the LAN) and isc-dhcpd.
it acts as a border firewall/router for a small LAN w/ 5 static external
addresses & the rest NATed.

Kernel:  http://www.uffner.com/temp/GATEWAY.txt
dmesg:   http://www.uffner.com/temp/dmesg.txt
rc.conf: http://www.uffner.com/temp/rc.conf.txt
pf.conf: http://www.uffner.com/temp/pf.conf.txt

i'm hoping a few people will give me estimates on what kind of throughput
i should theoretically expect before i provide any actual test data.

also, any suggestions on tuning would be welcome.

so far in preliminary tests, enabling polling on the network interfaces
reduces my performance slightly both to/from and through the box.
net.inet.ip.fastforwarding doesn't seem to make much difference either
way but i haven't done very thorough testing of it. increasing
net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not
sufficiently tested.
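As an added example (not part of the original post or any reply to it), a small POSIX sh script that gives the two numbers the post asks about: the theoretical frames/sec ceiling of a link at a given frame size, and the measured packets/sec and bytes/sec from two samples of the interface counters. The netstat column layout (Ipkts in column 5, Ibytes in column 7 on the `<Link#N>` row) and the interface name `vr0` are assumptions; confirm them against `netstat -ibn -I <if>` on the box before trusting the live sampler. The two counter snapshots are constructed, not real data.

```shell
#!/bin/sh
# Added example, not from the original post. Line-rate ceiling and measured
# pps / bytes/s for a FreeBSD router interface. Column positions and the
# interface name vr0 are assumptions, documented inline.

# Theoretical maximum frames/sec for a link. Every frame on the wire costs
# FRAME bytes plus 8 bytes preamble/SFD and a 12 byte inter-frame gap.
# linerate_pps <bits per second> <frame size in bytes>
linerate_pps() {
    bps=$1; frame=$2
    echo $(( bps / ((frame + 20) * 8) ))
}

# Packets/sec and bytes/sec between two counter readings.
# counter_rate <ipkts0> <ibytes0> <ipkts1> <ibytes1> <seconds>  -> "<pps> <bytes/s>"
counter_rate() {
    p0=$1; b0=$2; p1=$3; b1=$4; secs=$5
    echo $(( (p1 - p0) / secs )) $(( (b1 - b0) / secs ))
}

# Pull "Ipkts Ibytes" for one interface out of a `netstat -ibn` snapshot.
# ASSUMPTION: FreeBSD 7 layout
#   Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll
# so Ipkts is $5 and Ibytes is $7. Only the <Link#N> row is used so the
# per-address rows for the same NIC are not double counted.
# extract_in_counters <ifname> <snapshot text>
extract_in_counters() {
    ifname=$1; snap=$2
    printf '%s\n' "$snap" |
        awk -v ifn="$ifname" '$1 == ifn && $3 ~ /^<Link/ { print $5, $7; exit }'
}

# Rate between two snapshots taken <seconds> apart.
# rate_between <ifname> <snapshot0> <snapshot1> <seconds>  -> "<pps> <bytes/s>"
rate_between() {
    ifname=$1; snap0=$2; snap1=$3; secs=$4
    c0=$(extract_in_counters "$ifname" "$snap0")
    c1=$(extract_in_counters "$ifname" "$snap1")
    set -- $c0 $c1
    counter_rate "$1" "$2" "$3" "$4" "$secs"
}

# Live measurement on the router itself (FreeBSD only).
# measure_if <ifname> [seconds]
measure_if() {
    ifname=$1; secs=${2:-10}
    s0=$(netstat -ibn -I "$ifname")
    sleep "$secs"
    s1=$(netstat -ibn -I "$ifname")
    rate_between "$ifname" "$s0" "$s1" "$secs"
}

# Constructed sample: two `netstat -ibn -I vr0` snapshots 10 s apart (not real data).
SNAP0='Name    Mtu Network        Address              Ipkts Ierrs     Ibytes    Opkts Oerrs     Obytes  Coll
vr0    1500 <Link#1>       00:0d:b9:11:22:33   1000000     0  600000000   900000     0  500000000     0
vr0    1500 192.168.1.0/24 192.168.1.1          999000     -  599000000   899000     -  499000000     -'
SNAP1='Name    Mtu Network        Address              Ipkts Ierrs     Ibytes    Opkts Oerrs     Obytes  Coll
vr0    1500 <Link#1>       00:0d:b9:11:22:33   1120000     0  690000000  1010000     0  560000000     0
vr0    1500 192.168.1.0/24 192.168.1.1         1119000     -  689000000  1009000     -  559000000     -'

# Ceilings for the 100 Mb/s NICs and the 20 Mb/s uplink, then the constructed sample.
echo "100M link: $(linerate_pps 100000000 64) pps at 64 B, $(linerate_pps 100000000 1518) pps at 1518 B"
echo "20M uplink: $(linerate_pps 20000000 64) pps at 64 B, $(linerate_pps 20000000 1518) pps at 1518 B"
echo "constructed sample on vr0: $(rate_between vr0 "$SNAP0" "$SNAP1" 10)  (pps bytes/s)"

# Pass an interface name to sample the running box for 10 s.
if [ $# -gt 0 ]; then
    measure_if "$1" 10
fi
```

The counters are per interface and include the box's own traffic (sshd, bind, sendmail), so for a "through the box" test sample the LAN-side and WAN-side interfaces in the same window and compare; the 64-byte figure is the honest worst case for a firewall, since pf does per-packet work regardless of payload size.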

