All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] IPRoute2 vs Iptables
@ 2005-05-15 12:40 Wennie V. Lagmay
  2005-05-16  2:16 ` gypsy
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Wennie V. Lagmay @ 2005-05-15 12:40 UTC (permalink / raw)
  To: lartc

Hi all,

As I read into the forum, NATting (SNAT) is expensive, using iptables to 
translate IP sucks the performance of the system. I just want to know if 
IProute2 can handle NATting and if it handels NATting can it performed 
faster than iptables?

thanks,

 Wennie 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [LARTC] IPRoute2 vs Iptables
  2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
@ 2005-05-16  2:16 ` gypsy
  2005-05-16  5:03 ` Wennie V. Lagmay
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: gypsy @ 2005-05-16  2:16 UTC (permalink / raw)
  To: lartc

"Wennie V. Lagmay" wrote:
> 
> Hi all,
> 
> As I read into the forum, NATting (SNAT) is expensive, using iptables to
> translate IP sucks the performance of the system. I just want to know if
> IProute2 can handle NATting and if it handels NATting can it performed
> faster than iptables?
> 
> thanks,
> 
>  Wennie

No, ip does not "do" NAT, only iptables does.  But it is not THAT much
of a performance hit; I'll bet you can't measure its effect.
--
gypsy
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [LARTC] IPRoute2 vs Iptables
  2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
  2005-05-16  2:16 ` gypsy
@ 2005-05-16  5:03 ` Wennie V. Lagmay
  2005-05-16 21:04 ` Peter Surda
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Wennie V. Lagmay @ 2005-05-16  5:03 UTC (permalink / raw)
  To: lartc

You are correct, I've done some testing with iptables and I never seen any 
effect.

Wennie
----- Original Message ----- 
From: "gypsy" <gypsy@iswest.com>
To: "Wennie V. Lagmay" <wlagmay@yanbulink.net>
Cc: <lartc@mailman.ds9a.nl>
Sent: Monday, May 16, 2005 5:16 AM
Subject: Re: [LARTC] IPRoute2 vs Iptables


> "Wennie V. Lagmay" wrote:
>>
>> Hi all,
>>
>> As I read into the forum, NATting (SNAT) is expensive, using iptables to
>> translate IP sucks the performance of the system. I just want to know if
>> IProute2 can handle NATting and if it handels NATting can it performed
>> faster than iptables?
>>
>> thanks,
>>
>>  Wennie
>
> No, ip does not "do" NAT, only iptables does.  But it is not THAT much
> of a performance hit; I'll bet you can't measure its effect.
> --
> gypsy 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [LARTC] IPRoute2 vs Iptables
  2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
  2005-05-16  2:16 ` gypsy
  2005-05-16  5:03 ` Wennie V. Lagmay
@ 2005-05-16 21:04 ` Peter Surda
  2005-05-17  7:17 ` Wennie V. Lagmay
  2005-05-17 10:10 ` Peter Surda
  4 siblings, 0 replies; 6+ messages in thread
From: Peter Surda @ 2005-05-16 21:04 UTC (permalink / raw)
  To: lartc

On Sun, May 15, 2005 at 03:40:05PM +0300, Wennie V. Lagmay wrote:
> Hi all,
hi

> As I read into the forum, NATting (SNAT) is expensive, using iptables to 
> translate IP sucks the performance of the system.
Who says that? I never experienced this even on large networks. In fact I saw
cisco's NAT repeatedly freeze while an old pentium with linux was doing fine
in the same situation.

BTW iproute's NAT was apparently disabled some time ago because there were
problems. I think it's mentioned in the docs.

> Wennie 
Bye,

Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023

-- 
       The product Microsoft sells isn't the software; it's comfort.
         The product that Linux vendors usually sell is freedom.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [LARTC] IPRoute2 vs Iptables
  2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
                   ` (2 preceding siblings ...)
  2005-05-16 21:04 ` Peter Surda
@ 2005-05-17  7:17 ` Wennie V. Lagmay
  2005-05-17 10:10 ` Peter Surda
  4 siblings, 0 replies; 6+ messages in thread
From: Wennie V. Lagmay @ 2005-05-17  7:17 UTC (permalink / raw)
  To: lartc

Your right Peter, I do my own testing and found out that iptables is not a 
system or cpu sucker.

wennie
----- Original Message ----- 
From: "Peter Surda" <shurdeek@routehat.org>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, May 17, 2005 12:04 AM
Subject: Re: [LARTC] IPRoute2 vs Iptables


> On Sun, May 15, 2005 at 03:40:05PM +0300, Wennie V. Lagmay wrote:
>> Hi all,
> hi
>
>> As I read into the forum, NATting (SNAT) is expensive, using iptables to
>> translate IP sucks the performance of the system.
> Who says that? I never experienced this even on large networks. In fact I 
> saw
> cisco's NAT repeatedly freeze while an old pentium with linux was doing 
> fine
> in the same situation.
>
> BTW iproute's NAT was apparently disabled some time ago because there were
> problems. I think it's mentioned in the docs.
>
>> Wennie
> Bye,
>
> Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, 
> +436505122023
>
> -- 
>       The product Microsoft sells isn't the software; it's comfort.
>         The product that Linux vendors usually sell is freedom.
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [LARTC] IPRoute2 vs Iptables
  2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
                   ` (3 preceding siblings ...)
  2005-05-17  7:17 ` Wennie V. Lagmay
@ 2005-05-17 10:10 ` Peter Surda
  4 siblings, 0 replies; 6+ messages in thread
From: Peter Surda @ 2005-05-17 10:10 UTC (permalink / raw)
  To: lartc

On Tue, May 17, 2005 at 10:17:37AM +0300, Wennie V. Lagmay wrote:
> Your right Peter, I do my own testing and found out that iptables is not a 
> system or cpu sucker.
On the other hand, if you use "bad practices" such as putting 1000s of rules
into one chain, you may experience bad performance.

> wennie
Bye,

Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023

-- 
                           Reboot America.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-05-17 10:10 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-05-15 12:40 [LARTC] IPRoute2 vs Iptables Wennie V. Lagmay
2005-05-16  2:16 ` gypsy
2005-05-16  5:03 ` Wennie V. Lagmay
2005-05-16 21:04 ` Peter Surda
2005-05-17  7:17 ` Wennie V. Lagmay
2005-05-17 10:10 ` Peter Surda

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.