Re: about the performance of netfilter

Bill Davidsen (davidsen@tmr.com)
Tue, 30 Jul 2002 12:29:20 -0400 (EDT)


On Wed, 24 Jul 2002, zhengchuanbo wrote:

>
> we use a linux router. i just tested the performance of the router. when
> the kernel is build without netfilter support,the throughput of 64bytes
> frame is about 45%. when i build the kernel with netfilter (only the
> ip_filter module),the throughput dropped to 24%, without any rules. so
> is there some way to improve the performance? i just want some simple
> packet filter. is netfilter no so good on the performance compare to
> ipchains due to the improved functionality? please cc. thanks.

I'm not sure what you mean by 24%, since you don't say of what. I'm not
sure what you expect, an old Pentium 133 gives me 6-8Mbit on 10Mbit cards,
with a fair number of rules installed. If you are trying to load up Gbit
with a 386-16 or something, it won't work well, but for typical small
office setups Linux routing seems to run about as fast as directly
connected machines on the same subnet, although there is latency going
through the router.

-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/