throughput and interrupts
Julian Elischer
julian at elischer.org
Wed Aug 16 22:57:06 UTC 2006
Peter Jeremy wrote:
>On Wed, 2006-Aug-16 09:59:22 +0700, Bachilo Dmitry wrote:
>
>
>>Oh, it's natd. Now I see, but I just don't get it. I know that natd is not
>>efficient but, as I've said, at home I have 9 or almost 10 MB/sec through the
>>natd, while at this particular server I see only 3,7 MB maximum. I've tried
>>now to turn all the natting off and tried to download a file and got like 9
>>MB/sec, so it is natd who loads the system up.
>>
>>
>
>natd runs in userland so every packet has to be pushed out to userland,
>processed and pushed back into the kernel. The vast majority of the
>overhead is the userland/kernel transition so natd gives you a basically
>fixed pps rate. Your throughput will vary depending on the packet size.
>
>
in 6.1 there is an in kernel version of natd..
man ng_nat
>
>
>>Someone advised me to use pf or ipnat, but I never did that before and heard
>>that this nats have some limitations (like ipnat can't translate icmp packets
>>or something).
>>
>>
>
>Some time ago, I switched from natd to ipnat at work because the
>overhead was getting too much. (I've also switched hardware so I
>can't give you direct performance comparisons). I have found some
>problems with IPfilter in -stable when combining ipfilter/ipnat,
>stateful filtering and conditional NATing (ie a packet to B gets NAT'd
>to C only if it came from A). (The same combination works in IPfilter
>3.x on Solaris.) Normal filtering and NATing works OK.
>
>
>
More information about the freebsd-current
mailing list