netfilter performance on low-end embedded systems
Robert Iakobashvili
coroberti at gmail.com
Mon Feb 12 17:22:12 CET 2007
Alexander,
> From: Alexander Sirotkin <demiurg at metalinkBB.com>
> I'm trying to evaluate the feasibility of using netfilter on low-end
> embedded processors, such as MIPS 4K or 24K. Basicly what I'm trying to
> understand is whether we can do 100Bps with netfilter enabled (firewall
> and NAT) on such a CPU or should we check hardware acceleration solution.
>
> If anybody did any similar benchmarks and can share results (does not
> have to be on MIPS) or just has any opinion on the subject - I'd be very
> grateful.
With reference to the low-end arm processors, high traffic is not a
problem, unless
you are not using a large number of iptables rules, which traversal by packets
is linear.
If you need lots many rules, e.g. hundreds, thousands, etc, consider
using various
flavors of ipset, nf-hypac, connection tracking, wise rules arrangement, etc.
Sincerely,
Robert Iakobashvili,
coroberti %x40 gmail %x2e com
...................................................................
Navigare necesse est, vivere non est necesse
...................................................................
http://sourceforge.net/projects/curl-loader
A powerful open-source HTTP/S, FTP/S traffic
generating, loading and testing tool.
More information about the netfilter-devel
mailing list