netfilter performance dependent on arch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Marek Kierdelewicz <marek@piasta.pl>
To: netfilter@vger.kernel.org
Subject: netfilter performance dependent on arch
Date: Tue, 7 Feb 2012 18:34:53 +0100	[thread overview]
Message-ID: <20120207183453.522fa74b@catus> (raw)

Hi,

Can anyone point me to some performance comparison of netfilter on i686
and x86_64? I have a few linux routers doing a lot of firewalling and
QoS. Currently those routers use i686 arch on 64-bit hardware. Would I
notice any performance gain after moving to 64-bit kernel?

Next question. On some routers I don't need statefull firewall at all
and I have NOTRACT as a default rule in raw netfilter table. What is
the expected performance gain if I would fully disable conntrack
instead of using NOTRACK target? What would be the best approach to do
it on debian squeeze distribution kernel (nf_conntrack compiled as a
module)? Is blacklisting nf_conntrack module enough (to be safe in case
of accidental addition of statefull rule)?

best regards,
Marek Kierdelewicz

next             reply	other threads:[~2012-02-07 17:34 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-07 17:34 Marek Kierdelewicz [this message]
2012-02-07 18:23 ` netfilter performance dependent on arch Rick Jones
2012-02-07 18:54   ` Marek Kierdelewicz
2012-02-07 19:11     ` Stephen Hemminger
2012-02-07 19:48       ` Marek Kierdelewicz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120207183453.522fa74b@catus \
    --to=marek@piasta.pl \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.