Re: linux/iptables + smp question

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Harald Welte <laforge@netfilter.org>
To: Juan Pablo Abuyeres <jpabuyer@tecnoera.com>
Cc: linux-kernel@vger.kernel.org, netfilter@lists.netfilter.org
Subject: Re: linux/iptables + smp question
Date: Fri, 28 Apr 2006 19:50:03 -0300	[thread overview]
Message-ID: <20060428225003.GF5598@rama> (raw)
In-Reply-To: <44520085.3030909@tecnoera.com>

[-- Attachment #1: Type: text/plain, Size: 1308 bytes --]

On Fri, Apr 28, 2006 at 07:46:13AM -0400, Juan Pablo Abuyeres wrote:
> Hi guys,

Hi, please follow up to the netfilter mailinglist, since this is not a
kernel [development] question.

> I've been using an old single processor / linux 2.4 iptables based firewall for a few years.
>
> Now it's time to upgrade that machine, so, I am wondering, would it be of real benefit if I put a 
> two-processor system for a firewall? This machine is going to have 4 NICs, it's going to make 
> routing (lots of routes), and firewall (iptables). I don't know if these kind of tasks take 
> advantage from a multiple-processor architecture. Please enlighten me :)

some notes:

1) 2.6. network stack scales better on smp
2) iptables and routing both scale very good on smp systems, if you use
   multiple interfaces and distribute the interrupts over multiple cpus
3) connection tracking inherently scales less good on SMP systems

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

     prev parent reply	other threads:[~2006-04-28 22:49 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-28 11:46 linux/iptables + smp question Juan Pablo Abuyeres
2006-04-28 22:50 ` Harald Welte [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060428225003.GF5598@rama \
    --to=laforge@netfilter.org \
    --cc=jpabuyer@tecnoera.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox