On Thu, 13 Aug 2009, Tom Uffner wrote:
i'm hoping a few people will give me estimates on what kind of throughput i
should theoretically expect before i provide any actual test data.
also, any suggestions on tuning would be welcome.
so far in preliminary tests, enabling polling on the network interfaces
reduces my performance slightly both to/from and through the box.
net.inet.ip.fastforwarding doesn't seem to make much difference either
way but i haven't done very thorough testing of it. increasing
net.inet.tcp.sendbuf_max & recvbuf_max may have helped, but again, not
sufficiently tested.
I can't speak to absolute numbers, but I wouldn't expect net.inet.tcp.*
changes to make any difference, as they should affect only locally terminated
sockets on the firewall host, not forwarded packets.
You might want to try experimenting with net.isr.direct -- try setting it to
0, as this changes the kernel dispatch model for the network stack. On a UP
box, I would probably anticipate a performance loss for making that change, or
similar configuration changes for multiple netisr threads using
net.isr.maxthreads.
If you're using firewall code, fast forwarding is unlikely to make a
difference. Depending on the cache/memory/CPU trade-off, you might find
turning off flowtable support helps -- net.inet.flowtable.enable=0.
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
