Re: [ANNOUNCE] nf-hipac v0.8 released

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: P@draigBrady.com
To: nf@hipac.org
Cc: Pekka Savola <pekkas@netcore.fi>,
	linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: [ANNOUNCE] nf-hipac v0.8 released
Date: Wed, 02 Jul 2003 14:08:52 +0100	[thread overview]
Message-ID: <3F02D964.7050301@draigBrady.com> (raw)
In-Reply-To: <200307021426.56138.nf@hipac.org>

Michael Bellion and Thomas Heinz wrote:
> Hi Pekka
> 
> 
>>Thanks for your clarification.  We've also conducted some tests with
>>bridging firewall functionality, and we're very pleased with nf-hipac's
>>performance!  Results below.
> 
> 
> Great, thanks a lot. Your tests are very interesting for us as we haven't done 
> any gigabit or SMP tests yet. 
> 
>>In the measurements, tests were run through a bridging Linux firewall,
>>with a netperf UDP stream of 1450 byte packets (launched from a different
>>computer connected with gigabit ethernet), with a varying amount of
>>filtering rules checks for each packet.
>>I don't have the specs of the Linux PC hardware handy, but I recall
>>they're *very* highend dual-P4's, like 2.4Ghz, very fast PCI bus, etc.
> 
> Since real world network traffic always consists of a lot of different sized 
> packets taking maximum sized packets is very euphemistic. 1450 byte packets 
> at 950 Mbit/s correspond to approx. 80,000 packets/sec.
> We are really interested in how our algorithm performs at higher packet rates. 
> Our performance tests are based on 100 Mbit hardware so we coudn't test with 
> more than approx. 80,000 packets/sec even with minimum sized packets.

Interrupt latency is the problem here. You'll require napi et. al
to get over this hump.

> At this 
> packet rate we were hardly able to drive the algorithm to its limit, even 
> with more than 25000 rules involved (and our test system was 1.3 GHz 
> uniprocessor).

Cool. The same sort of test with ordinary netfilter that
I did showed it could only handle around 125 rules at this
packet rate on a 1.4GHz PIII, e1000 @ 100Mb/s.

# ./readprofile -m /boot/System.map | sort -nr | head -30
   6779 total                                      0.0047
   4441 default_idle                              69.3906
    787 handle_IRQ_event                           7.0268
    589 ip_packet_match                            1.6733
    433 ipt_do_table                               0.6294
    106 eth_type_trans                             0.5521
     56 kfree                                      0.8750
     46 skb_release_data                           0.3194
     37 add_timer_randomness                       0.1542
     35 alloc_skb                                  0.0781
     30 __kmem_cache_alloc                         0.1172
     27 kmalloc                                    0.3375
     23 ip_rcv                                     0.0342
     22 do_gettimeofday                            0.1964
     20 netif_rx                                   0.0521
     19 __kfree_skb                                0.0540
     18 add_entropy_words                          0.1023
     15 __constant_c_and_count_memset              0.0938
     13 batch_entropy_store                        0.0813
     12 kfree_skbmem                               0.1071
     11 netif_receive_skb                          0.0208
      7 nf_iterate                                 0.0437
      7 nf_hook_slow                               0.0175
      6 process_backlog                            0.0221
      5 batch_entropy_process                      0.0223
      5 add_interrupt_randomness                   0.0781
      3 kmem_cache_free                            0.0625
      2 ipt_hook                                   0.0312
      1 write_profile                              0.0156
      1 ip_promisc_rcv_finish                      0.0208

Pádraig.

next prev parent reply	other threads:[~2003-07-02 13:08 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-25 20:48 [ANNOUNCE] nf-hipac v0.8 released Michael Bellion and Thomas Heinz
2003-06-25 21:03 ` Folkert van Heusden
2003-06-25 23:52   ` Thomas Heinz
2003-06-26 13:38 ` Daniel Egger
2003-06-26 14:20   ` Michael Bellion and Thomas Heinz
2003-06-26 14:45     ` Daniel Egger
2003-06-27  6:06 ` Pekka Savola
2003-06-28 20:04   ` Michael Bellion and Thomas Heinz
2003-06-29  6:26     ` Pekka Savola
2003-06-29  7:45       ` Roberto Nibali
2003-06-29 16:26       ` Michael Bellion and Thomas Heinz
2003-07-02  5:30         ` Pekka Savola
2003-07-02 12:26           ` Michael Bellion and Thomas Heinz
2003-07-02 13:08             ` P [this message]
2003-07-02 13:48               ` Michael Bellion and Thomas Heinz
2003-07-02 14:23                 ` P
2003-07-02 16:57                   ` Michael Bellion and Thomas Heinz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F02D964.7050301@draigBrady.com \
    --to=p@draigbrady.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@oss.sgi.com \
    --cc=nf@hipac.org \
    --cc=pekkas@netcore.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).