From: Tarkan Erimer <tarkan.erimer@f-secure.com>
To: <netfilter-devel@vger.kernel.org>
Subject: 10GbE Connectivity & Netfilter
Date: Tue, 13 Mar 2012 15:22:04 +0200 [thread overview]
Message-ID: <4F5F49FC.1080207@f-secure.com> (raw)
Hi all,
I have some questions regarding to 10GbE connectivity with
netfilter/iptables. I searched on google. But didn't find anything to
make a clear conclusion. Most of the results were just confusing,
conflicting with some others or quite outdated. So, I've decided to
write here to get best possible answers by its developers' mouth :-)
So, before asking my questions, here are the some details regarding to
the questioned environment :
- 10GbE NIC connectivity with the same speed direct Internet
(10Gbit/sec) connection.
- 350.000 - 400.000 packets/sec. inspections/forwarding in some peak
loads (it happens frequently. So, safe to say that it's average load
most of the time.)
- In peak times, there is 7-8 Gbit/sec. traffic. Average is around 5
Gbit/sec.
- Server has plenty of RAM and CPU/Cores. (Don't remember the exact
configs now.)
My questions :
1- Is netfilter subsystem multi-threaded/multi-core enabled ? So that,
it can spread the loads across the CPUs/Cores.
2- Can it handle such loads consistently (without any
issues/bottlenecks) as I've mentioned above ?
3- Is there any performance matrix and/or practical examples to see ?
4- What kind of netfilter/kernel configs recommended for such a load ?
Many Thanks In Advance For Your Valuable Answers!
Cheers.
Tarkan
next reply other threads:[~2012-03-13 13:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-13 13:22 Tarkan Erimer [this message]
2012-03-13 14:02 ` 10GbE Connectivity & Netfilter Jan Engelhardt
2012-03-13 14:10 ` Thomas Jarosch
2012-03-14 7:22 ` Tarkan Erimer
2012-03-14 7:21 ` Tarkan Erimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F5F49FC.1080207@f-secure.com \
--to=tarkan.erimer@f-secure.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).