netdev

Re: Route cache performance

To: Simon Kirby <sim@xxxxxxxxxxxxx>
Subject: Re: Route cache performance
From: jamal <hadi@xxxxxxxxxx>
Date: Sat, 17 Sep 2005 11:17:20 -0400
Cc: Robert Olsson <Robert.Olsson@xxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, Eric Dumazet <dada1@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20050917002823.GB19112@xxxxxxxxxxxxx>
Organization: unknown
References: <20050825200543.GA6612@xxxxxxxxxxxxxxx> <20050825212211.GA23384@xxxxxxxxxxxxx> <20050826115520.GA12351@xxxxxxxxxxxxxxx> <17167.29239.469711.847951@xxxxxxxxxxxx> <20050906235700.GA31820@xxxxxxxxxxxxx> <17182.64751.340488.996748@xxxxxxxxxxxx> <20050907162854.GB24735@xxxxxxxxxxxxx> <20050907195911.GA8382@xxxxxxxxxxxxxxx> <20050913221448.GD15704@xxxxxxxxxxxxx> <17191.55685.861191.831981@xxxxxxxxxxxx> <20050917002823.GB19112@xxxxxxxxxxxxx>
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 2005-16-09 at 17:28 -0700, Simon Kirby wrote:

> nf_iterate was near the top even though the firewall was empty, so I
> changed CONFIG_IP_NF_IPTABLES=y to CONFIG_IP_NF_IPTABLES=m (and didn't
> load it).  Throughput went up from 173 Mbps to 232 Mbps...yikes. 
> Conntrack was never compiled.  I'll do some more profiling when I get
> a chance...
> 

If you want some basic stateless firewalling, turn off netfilter and use
tc ingress/egress actions instead. The impact on performance is a lot
more tolerable.

cheers,
jamal
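
One way to express a small stateless deny list as tc ingress filters, following the suggestion above. This is an added example, not part of the original message or thread; the rule format, the sample addresses, the helper name `tc_ingress_cmds` and the interface name `eth0` are assumptions made here.

```shell
#!/bin/sh
# Added example: turn a small stateless deny list into tc ingress drop filters.
# Assumes kernel support for sch_ingress, cls_u32 and act_gact.
# Constructed sample rules: "<src-cidr> <proto> <dport>", "-" means any.
RULES='
# src            proto dport
192.0.2.0/24     -     -
-                tcp   23
198.51.100.7/32  udp   161
'

# Print the tc commands for device $1; rules are read from stdin.
tc_ingress_cmds() {
    dev=$1
    prio=1
    echo "tc qdisc add dev $dev handle ffff: ingress"
    while read -r src proto dport; do
        case $src in ''|'#'*) continue ;; esac
        match=''
        if [ "$src" != - ]; then match="$match match ip src $src"; fi
        case $proto in
            tcp) match="$match match ip protocol 6 0xff" ;;
            udp) match="$match match ip protocol 17 0xff" ;;
            -)   ;;
            *)   echo "unsupported protocol: $proto" >&2; return 1 ;;
        esac
        if [ "$dport" != - ]; then
            # A port is only meaningful together with tcp or udp.
            if [ "$proto" = - ]; then echo "dport needs a proto" >&2; return 1; fi
            # u32 reads "ip dport" at a fixed offset: assumes no IP options.
            match="$match match ip dport $dport 0xffff"
        fi
        # Refuse a rule that would drop all IP traffic on the interface.
        if [ -z "$match" ]; then echo "rule matches everything" >&2; return 1; fi
        echo "tc filter add dev $dev parent ffff: protocol ip prio $prio u32$match action drop"
        prio=$((prio + 1))
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh.
cmds=$(printf '%s\n' "$RULES" | tc_ingress_cmds "${DEV:-eth0}") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | sh -e
else
    printf '%s\n' "$cmds"
fi
```

Packets that match no filter continue up the stack unchanged, so this behaves as a deny list rather than a default-drop policy.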


