netdev
[Top] [All Lists]

Re: Linux 2.4 networking/routing slowdown

To: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Subject: Re: Linux 2.4 networking/routing slowdown
From: Robert Olsson <Robert.Olsson@xxxxxxxxxxx>
Date: Sat, 4 Aug 2001 15:55:31 +0200
Cc: jamal <hadi@xxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <E15Sq5k-0006kL-00@localhost>
References: <Pine.GSO.4.30.0108020654510.18643-100000@xxxxxxxxxxxxxxxx> <E15Sq5k-0006kL-00@localhost>
Sender: owner-netdev@xxxxxxxxxxx

Rusty Russell writes:
 > In message <Pine.GSO.4.30.0108020654510.18643-100000@xxxxxxxxxxxxxxxx> you 
 > writ
 > e:
 > > Sorry, I missed this ...
 > > Routing does not slow down when you dont compile in netfilter.
 > > Upto 20% degradation if you turn it on with a single IP table rule
 > > with 2.4.7
 > 
 > Hmmm... I missed the start of this.  You're saying the overhead of
 > CONFIG_NETFILTER + iptables module + one rule is 20%?


Rusty here are some numbers for connection tracking...

Forwarding from eth0 to eth1. One million packets injected into eth0 at 
890.000 pkts/s. Kernel 2.4.7 UP PII @ 933 MHz and hacked e1000 driver. First 
with run without ipchains.o.

Ignore the RX-ERR, RX-DRP Intel does something weird when the counters
roll over. 

Iface   MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flags
eth0   1500   0 367023 782941 782941 632997     30      0      0      0 BRU
eth1   1500   0     15      0      0      0 366830      0      0      0 BRU

A throughput of 0.37 * 890.000 = 329.000 pkts/s

With ipchains.o insmoded but *no* filters at all...

Iface   MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flags
eth0   1500   0 249153 842948 842948 750870     31      0      0      0 BRU
eth1   1500   0      8      0      0      0 249094      0      0      0 BRU

A throughput of 0.25 * 890.000 = 222.000 pkts/s

And it seems like its the connecting tracking that takes the resources
iptables without connection tracking modules loaded was fine.

The moral of this... Use iptables and don't load connection tracking unless 
you really need it.


Cheers.

                                                --ro


<Prev in Thread] Current Thread [Next in Thread>