* Perfomance problem on MIPS
@ 2006-06-01 5:09 art
2006-06-01 7:46 ` lst_hoe01
0 siblings, 1 reply; 3+ messages in thread
From: art @ 2006-06-01 5:09 UTC (permalink / raw)
To: netfilter
Hello all,
I have some problem with using iptables:
I work with Infineon ADM5120 SOC. It has MIPS32 4KC processor(200MHz),
embedded ADM5120 switch (with 4 100Mbit interfaces).
I get embedded Linux OS work on it.
I test network bandwidth without iptables enabled in kernel - result
80Mbit/s.
When I enable Connection tracking (I need NAT) & iptables and test
WITOUT ANY RULES - bandwidth was near 35-40Mbi/s.
Then I make several tests and find that most bandwidth reduction
occurs when enabling Connection tracking.
It's wery upset fact. What can be done with this? Can I get version
where NAT not depend on Connection tracking?
--
Best regards,
art mailto:art@sigrand.ru
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Perfomance problem on MIPS
2006-06-01 5:09 Perfomance problem on MIPS art
@ 2006-06-01 7:46 ` lst_hoe01
2006-06-01 8:55 ` Philip Craig
0 siblings, 1 reply; 3+ messages in thread
From: lst_hoe01 @ 2006-06-01 7:46 UTC (permalink / raw)
To: netfilter
Zitat von art <art@sigrand.ru>:
> Hello all,
>
> I have some problem with using iptables:
> I work with Infineon ADM5120 SOC. It has MIPS32 4KC processor(200MHz),
> embedded ADM5120 switch (with 4 100Mbit interfaces).
> I get embedded Linux OS work on it.
> I test network bandwidth without iptables enabled in kernel - result
> 80Mbit/s.
> When I enable Connection tracking (I need NAT) & iptables and test
> WITOUT ANY RULES - bandwidth was near 35-40Mbi/s.
> Then I make several tests and find that most bandwidth reduction
> occurs when enabling Connection tracking.
>
> It's wery upset fact. What can be done with this? Can I get version
> where NAT not depend on Connection tracking?
For performance see
http://people.netfilter.org/kadlec/nftest.pdf
For NAT without conntrack use NOTRACK or disable connection tracking at all.
Regards
Andreas
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Perfomance problem on MIPS
2006-06-01 7:46 ` lst_hoe01
@ 2006-06-01 8:55 ` Philip Craig
0 siblings, 0 replies; 3+ messages in thread
From: Philip Craig @ 2006-06-01 8:55 UTC (permalink / raw)
To: netfilter
On 06/01/2006 05:46 PM, lst_hoe01@kwsoft.de wrote:
> Zitat von art <art@sigrand.ru>:
>> It's wery upset fact. What can be done with this? Can I get version
>> where NAT not depend on Connection tracking?
>
> For performance see
>
> http://people.netfilter.org/kadlec/nftest.pdf
>
> For NAT without conntrack use NOTRACK or disable connection tracking at all.
You cannot use the standard kernel NAT without connection tracking.
It should be possible to write some stateless mangle targets that
can do simple address rewriting if that is all you need (this is the
equivalent of what the fast nat in 2.2 and 2.4 kernels did).
But if you need many to 1 NAT, or complex protocols such as FTP,
then you must use connection tracking.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-06-01 8:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-01 5:09 Perfomance problem on MIPS art
2006-06-01 7:46 ` lst_hoe01
2006-06-01 8:55 ` Philip Craig
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox