[HEADS UP!] IPFW Ideas: possible SoC 2008 candidate
andre at freebsd.org
Thu Mar 27 10:10:58 PDT 2008
Robert Watson wrote:
> On Tue, 25 Mar 2008, Sepherosa Ziehau wrote:
>> On Tue, Mar 25, 2008 at 1:53 AM, Julian Elischer <julian at elischer.org>
>>> 3/ possibly keeping per CPU stats..
>> This probably is the trickest part, not difficult for non-fastforward
>> case. But if fastforward is enabled, I could only imagine full
>> cross-cpu states duplication.
> FWIW, there is decreasing difference between IP fast forwarding and
> regular IP processing in FreeBSD 7.x, as we perform direct dispatch by
> default, so it's not just the fast forward case where full input
> parallelism is possible for the firewall, and parallel firewall
> processing has occurred for output since 5.3.
The regular forwarding path still does a (partial) copy of each packet
it forwards. This is done for the ICMP redirect functionality. Additionally
it has a much larger I-cache footprint due to the full ip_input(), ip_forward()
and ip_output() functions being executed. Yes, the delta is shrinking but
still quite big. I think regular forwarding still hits the wall at around
300-350kpps whereas fastforward can do 500kpps up to 1mpps with a good hardware
More information about the freebsd-hackers