> Can you post some numbers relative to iptables?
We have some performance tests available at:
We also have a list of the independent performance tests we know of:
> Some tests with the following parameters would be helpful:
> - Variable incoming packet rate (in packets per second)
> - Variable packet sizes
> - Variable number of users/filters
> - Effect of adding/removing/modifying policies while under different
> incoming traffic rates.
Most of this parameters are used in the performance tests above.
The effect of adding/removing/modifying policies while under different
incoming traffic rates has not been tested in the above tests.
nf-HiPAC is based on a completely dynamic approach.
This means that the algorithm used in HiPAC makes sure that the lookup data
structure is not rebuild from scratch again as soon as you make a update of
the data structure.
Instead during an update of the policies only the required changes of the
lookup data structure are made. This guaranties that the packet processing is
only affected to the least possible amount during updates.
It would certainly be nice to see some benchmark results for this case.
nf-HiPAC is expected to handle this very well, because it was designed with
this case in mind.
| Michael Bellion |
| <mbellion@xxxxxxxxx> |