Re: Some questions about using heavy iptables rules in a Linux box ....

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
To: hbchen <hbchen@lanl.gov>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Some questions about using heavy iptables rules in a Linux box ....
Date: Wed, 10 May 2006 01:59:11 +0200	[thread overview]
Message-ID: <44612CCF.5030400@gmx.net> (raw)
In-Reply-To: <4460B502.4080903@lanl.gov>

hbchen wrote:
> Hi,
> I have some questions about using heavy iptables rules in a Linux box.
> 1. Has anyone done a comparison of latency and throughput on traffic
> through an
>    Linux node with and without IPtables (using lots of filtering rules)?
> 2. How much CPU time is spending on iptables (heavy filtering rules)?
> 3. Any significant impact (latency and throughput) on 10G ethernet link?

May I suggest using nf-hipac? It's available at http://www.hipac.org/ .
Especially for thousands of rules, it should be faster than iptables.

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/

     prev parent reply	other threads:[~2006-05-09 23:59 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-09 15:28 Some questions about using heavy iptables rules in a Linux box hbchen
2006-05-09 23:14 ` John A. Sullivan III
2006-05-09 23:59 ` Carl-Daniel Hailfinger [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44612CCF.5030400@gmx.net \
    --to=c-d.hailfinger.devel.2006@gmx.net \
    --cc=hbchen@lanl.gov \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.