[HEADS UP!] IPFW Ideas: possible SoC 2008 candidate

Andre Oppermann andre at freebsd.org
Thu Mar 27 10:10:58 PDT 2008

Robert Watson wrote:
> On Tue, 25 Mar 2008, Sepherosa Ziehau wrote:
>> On Tue, Mar 25, 2008 at 1:53 AM, Julian Elischer <julian at elischer.org> 
>> wrote:
>>>  3/ possibly keeping per CPU stats..
>> This probably is the trickest part, not difficult for non-fastforward 
>> case. But if fastforward is enabled, I could only imagine full 
>> cross-cpu states duplication.
> FWIW, there is decreasing difference between IP fast forwarding and 
> regular IP processing in FreeBSD 7.x, as we perform direct dispatch by 
> default, so it's not just the fast forward case where full input 
> parallelism is possible for the firewall, and parallel firewall 
> processing has occurred for output since 5.3.

The regular forwarding path still does a (partial) copy of each packet
it forwards.  This is done for the ICMP redirect functionality.  Additionally
it has a much larger I-cache footprint due to the full ip_input(), ip_forward()
and ip_output() functions being executed.  Yes, the delta is shrinking but
still quite big.  I think regular forwarding still hits the wall at around
300-350kpps whereas fastforward can do 500kpps up to 1mpps with a good hardware


More information about the freebsd-hackers mailing list