All of lore.kernel.org
 help / color / mirror / Atom feed
From: P@draigBrady.com
To: nf@hipac.org
Cc: Pekka Savola <pekkas@netcore.fi>,
	linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: [ANNOUNCE] nf-hipac v0.8 released
Date: Wed, 02 Jul 2003 14:08:52 +0100	[thread overview]
Message-ID: <3F02D964.7050301@draigBrady.com> (raw)
In-Reply-To: <200307021426.56138.nf@hipac.org>

Michael Bellion and Thomas Heinz wrote:
> Hi Pekka
> 
> 
>>Thanks for your clarification.  We've also conducted some tests with
>>bridging firewall functionality, and we're very pleased with nf-hipac's
>>performance!  Results below.
> 
> 
> Great, thanks a lot. Your tests are very interesting for us as we haven't done 
> any gigabit or SMP tests yet. 
> 
>>In the measurements, tests were run through a bridging Linux firewall,
>>with a netperf UDP stream of 1450 byte packets (launched from a different
>>computer connected with gigabit ethernet), with a varying amount of
>>filtering rules checks for each packet.
>>I don't have the specs of the Linux PC hardware handy, but I recall
>>they're *very* highend dual-P4's, like 2.4Ghz, very fast PCI bus, etc.
> 
> Since real world network traffic always consists of a lot of different sized 
> packets taking maximum sized packets is very euphemistic. 1450 byte packets 
> at 950 Mbit/s correspond to approx. 80,000 packets/sec.
> We are really interested in how our algorithm performs at higher packet rates. 
> Our performance tests are based on 100 Mbit hardware so we coudn't test with 
> more than approx. 80,000 packets/sec even with minimum sized packets.

Interrupt latency is the problem here. You'll require napi et. al
to get over this hump.

> At this 
> packet rate we were hardly able to drive the algorithm to its limit, even 
> with more than 25000 rules involved (and our test system was 1.3 GHz 
> uniprocessor).

Cool. The same sort of test with ordinary netfilter that
I did showed it could only handle around 125 rules at this
packet rate on a 1.4GHz PIII, e1000 @ 100Mb/s.

# ./readprofile -m /boot/System.map | sort -nr | head -30
   6779 total                                      0.0047
   4441 default_idle                              69.3906
    787 handle_IRQ_event                           7.0268
    589 ip_packet_match                            1.6733
    433 ipt_do_table                               0.6294
    106 eth_type_trans                             0.5521
     56 kfree                                      0.8750
     46 skb_release_data                           0.3194
     37 add_timer_randomness                       0.1542
     35 alloc_skb                                  0.0781
     30 __kmem_cache_alloc                         0.1172
     27 kmalloc                                    0.3375
     23 ip_rcv                                     0.0342
     22 do_gettimeofday                            0.1964
     20 netif_rx                                   0.0521
     19 __kfree_skb                                0.0540
     18 add_entropy_words                          0.1023
     15 __constant_c_and_count_memset              0.0938
     13 batch_entropy_store                        0.0813
     12 kfree_skbmem                               0.1071
     11 netif_receive_skb                          0.0208
      7 nf_iterate                                 0.0437
      7 nf_hook_slow                               0.0175
      6 process_backlog                            0.0221
      5 batch_entropy_process                      0.0223
      5 add_interrupt_randomness                   0.0781
      3 kmem_cache_free                            0.0625
      2 ipt_hook                                   0.0312
      1 write_profile                              0.0156
      1 ip_promisc_rcv_finish                      0.0208

Pádraig.


  reply	other threads:[~2003-07-02 13:00 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-25 20:48 [ANNOUNCE] nf-hipac v0.8 released Michael Bellion and Thomas Heinz
2003-06-25 21:03 ` Folkert van Heusden
2003-06-25 23:52   ` Thomas Heinz
2003-06-26 13:38 ` Daniel Egger
2003-06-26 14:20   ` Michael Bellion and Thomas Heinz
2003-06-26 14:45     ` Daniel Egger
2003-06-27  6:06 ` Pekka Savola
2003-06-28 20:04   ` Michael Bellion and Thomas Heinz
2003-06-29  6:26     ` Pekka Savola
2003-06-29  7:45       ` Roberto Nibali
2003-06-29 16:26       ` Michael Bellion and Thomas Heinz
2003-07-02  5:30         ` Pekka Savola
2003-07-02 12:26           ` Michael Bellion and Thomas Heinz
2003-07-02 13:08             ` P [this message]
2003-07-02 13:48               ` Michael Bellion and Thomas Heinz
2003-07-02 14:23                 ` P
2003-07-02 16:57                   ` Michael Bellion and Thomas Heinz
  -- strict thread matches above, loose matches on Subject: below --
2003-06-25 20:12 Michael Bellion and Thomas Heinz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F02D964.7050301@draigBrady.com \
    --to=p@draigbrady.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@oss.sgi.com \
    --cc=nf@hipac.org \
    --cc=pekkas@netcore.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.