| To: | Simon Kirby <sim@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Route cache performance |
| From: | jamal <hadi@xxxxxxxxxx> |
| Date: | Sat, 17 Sep 2005 11:17:20 -0400 |
| Cc: | Robert Olsson <Robert.Olsson@xxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, Eric Dumazet <dada1@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx |
| In-reply-to: | <20050917002823.GB19112@xxxxxxxxxxxxx> |
| Organization: | unknown |
| References: | <20050825200543.GA6612@xxxxxxxxxxxxxxx> <20050825212211.GA23384@xxxxxxxxxxxxx> <20050826115520.GA12351@xxxxxxxxxxxxxxx> <17167.29239.469711.847951@xxxxxxxxxxxx> <20050906235700.GA31820@xxxxxxxxxxxxx> <17182.64751.340488.996748@xxxxxxxxxxxx> <20050907162854.GB24735@xxxxxxxxxxxxx> <20050907195911.GA8382@xxxxxxxxxxxxxxx> <20050913221448.GD15704@xxxxxxxxxxxxx> <17191.55685.861191.831981@xxxxxxxxxxxx> <20050917002823.GB19112@xxxxxxxxxxxxx> |
| Reply-to: | hadi@xxxxxxxxxx |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Fri, 2005-16-09 at 17:28 -0700, Simon Kirby wrote: > nf_iterate was near the top even though the firewall was empty, so I > changed CONFIG_IP_NF_IPTABLES=y to CONFIG_IP_NF_IPTABLES=m (and didn't > load it). Throughput went up from 173 Mbps to 232 Mbps...yikes. > Conntrack was never compiled. I'll do some more profiling when I get > a chance... > If you want some basic stateless firewalling, turn off netfilter and use tc ingress/egress actions instead. The impact on performance is a lot more tolerable. cheers, jamal |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Route cache performance, Martin Josefsson |
|---|---|
| Next by Date: | [PATCH 1/2] forcedeth: Add hardware tx checksum support, Manfred Spraul |
| Previous by Thread: | Re: Route cache performance, Martin Josefsson |
| Next by Thread: | Re: Route cache performance, Alexey Kuznetsov |
| Indexes: | [Date] [Thread] [Top] [All Lists] |