ipfw rule processing performances
Karim
fodillemlinkarim at gmail.com
Tue Oct 25 16:00:16 UTC 2011
Hi all,
I am using ipfw with a fairly small amount of rules (~200). Most of
those are skipto rules to different blocking and pass-through blocks. I
use ipfw tags, ALTQ, nat, fwd and several deny and allow rules and I do
not use/need tables.
What I find is around 400Mbps of traffic (~40kpps) an extremely high
amount of cpu usage related to firewall processing.
What I would like to know is if there is an ongoing work to optimise
ipfw and/or gather ideas on how to do that.
I realise my question has a large scope but I am not interested in
optimizing my ruleset I'd like to get a feel for how code wise the
current processing could be optimized (using multiple input TX/RX queues
for example, etc...).
Thanks,
Karim.
More information about the freebsd-ipfw
mailing list