throughput and interrupts

Peter Jeremy peterjeremy at
Wed Aug 16 09:49:58 UTC 2006

On Wed, 2006-Aug-16 09:59:22 +0700, Bachilo Dmitry wrote:
>Oh, it's natd. Now I see, but I just don't get it. I know that natd is not 
>efficient but, as I've said, at home I have 9 or almost 10 MB/sec through the 
>natd, while at this particular server I see only 3,7 MB maximum. I've tried 
>now to turn all the natting off and tried to download a file and got like 9 
>MB/sec, so it is natd who loads the system up.

natd runs in userland so every packet has to be pushed out to userland,
processed and pushed back into the kernel.  The vast majority of the
overhead is the userland/kernel transition so natd gives you a basically
fixed pps rate.  Your throughput will vary depending on the packet size.

>Someone advised me to use pf or ipnat, but I never did that before and heard 
>that this nats have some limitations (like ipnat can't translate icmp packets 
>or something).

Some time ago, I switched from natd to ipnat at work because the
overhead was getting too much.  (I've also switched hardware so I
can't give you direct performance comparisons).  I have found some
problems with IPfilter in -stable when combining ipfilter/ipnat,
stateful filtering and conditional NATing (ie a packet to B gets NAT'd
to C only if it came from A).  (The same combination works in IPfilter
3.x on Solaris.)  Normal filtering and NATing works OK.

Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-current mailing list