Large scale NAT

Erik Norgaard info at plot.uz
Fri May 11 13:16:39 UTC 2007


On Fri, 11 May 2007, Todor Dragnev wrote:

> Hello list,
>
> I have about 4000 users behind NAT. I use ipnat (ipf) on a single FreeBSD box
> (v6.2) to translate RFC1918 IP addresses to real ones.
>
> All works fine, but my CPU usage is very high and the router starts to drop
> packets and sometimes freezes.
> I fixed the freeze problem with POLLING, but CPU usage is still very high.
>
> Throughput on one interface is about 200Mbit/s, but next month I will need
> more speed to pass through this box and I am looking for a better solution.
>
> What is the throughput limit that I can expect from FreeBSD in this
> situation?
>
> Does anyone on the list have experience with large NAT tables?
> Is it time to switch to Cisco or something similar? Any suggestions?

There is a comparison of ip-filter and packet filter here:

http://www.benzedrine.cx/pf-paper.html

Rather old now, but as I understand, pf does a better job when tables grow 
large when filtering is stateful.

Cheers, Erik

_______________________________________________
freebsd-isp at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"