Time to let go of ipfilter
Francois Tigeot
ftigeot at wolfpond.org
Tue Feb 22 02:39:55 PST 2011
On Tue, Feb 22, 2011 at 11:49:49AM +0200, Atte Peltomäki wrote:
> On Tue, Feb 22, 2011 at 10:16:48AM +0100, Francois Tigeot wrote:
> > On Tue, Feb 22, 2011 at 10:45:35AM +0200, Atte Peltomäki wrote:
> > > On Tue, Feb 22, 2011 at 02:20:59AM -0600, Chris Turner wrote:
> > > > On 02/21/11 07:57, Atte Peltomäki wrote:
> > > > > PF is simply too slow. It does have good functionality and it's easy to
> > > > > use, but it doesn't scale beyond small/medium networks. I stress-tested
> > > > > it some time ago and OpenBSD/pf could get a combined throughput of
> > > > > around 1.6Gbps. FreeBSD/pf got a little better, but not so that it would
> > > > > really mean much.
> > > >
> > > > What was the max {memory,pci,processor} bandwitdth on the machine under
> > > > test?
>
> I see. It's been ages, but I found something that's more or less
> relevant. It was DELL R710 I spoke of above, but R610 were quite equal in
> performance, once I fixed bugs mentioned in these mails:
>
> http://kameli.org/r610-dmesg.txt
> http://kameli.org/if_em-fixes.txt
I see the CPUs were Xeon E5540.
They have up to 25 GB/s of memory bandwidth per socket and the machine used
a PCI-e bus which also had much more bandwidth than the 4 Gb/s of your
network card.
This should have been plenty.
Still, I've not found an official product page on the Intel web site for your
network adapter and given the bugs you have encountered, I wouldn't dismiss
it entirely as the cause of some of your troubles.
--
Francois Tigeot
More information about the Kernel
mailing list