Thanks for telling me this.
I switched to PF and it performs better.
However, if you know, where in the code does libalias use only 4096
buckets? I want to know in case I want/have to switch back to IPFW.
-Neel
On 2020-03-18 07:25, Lev Serebryakov wrote:
On 18.03.2020 9:17, Kristof Provost wrote:
Which firewall gives better performance, IPFW's In-Kernel NAT or PF
NAT? I am dealing with 1000s of concurrent connections but
browsing-level-bandwidth at once with Tor.
I’d expect both ipfw and pf to happily saturate gigabit links with
NAT, even on quite modest hardware.
Are you sure the NAT code is the bottleneck?
ipfw nat is very slow, really. There are many reasons, and one of them
(easily fixable, but you need to patch sources and rebuild kernel/module) is
that `libalias` uses only 4096 buckets in state hashtable by default. So
it could saturate 1GBps link if you have 10 TCP connections, but it
could not saturate 100Mbit if you have, say, 100K UDP streams.
I don't know about pf nat.
_______________________________________________
freebsd-net@freebsd.org mailing list