loading lot of rules takes very long time
Artis Caune
ac at latnet.lv
Thu Nov 6 03:06:07 PST 2003
Hello,
We have about 10000-20000 pipes for
different subnets, and it takes very long
time to load them - about 10-15min.
92.8% interrupt, 0.0% idle
strange that things slow down when count
reaches 2000-2500 rules.
is there something we can do to speed things up?
rules are added like:
ipfw -q add 1 pipe 1 src-ip 1.1.1.1 out via em0
ipfw pipe 1 config bw 30Kbytes/s queue 10
...
soo 'ipfw' is invoked '2 x client_count' !!!
maybe ipfw need feature like:
ipfw -f /etc/rc.firewall
# FreeBSD-4.9, IPFW2,
# HZ=2000, DEVICE_POLLING,
# 1G RAM, 2.4xeon on Intel server board
.....
Artis
More information about the freebsd-ipfw
mailing list