"iptables mark with filter fw" vs "u32 match"

 
 
Paweł Staszewski
03-05-2005, 05:09 PM
Hello

Has anyone done tests comparing the performance of iptables marking with the
u32 filter?

A u32 filter with 4000 rules on a physical interface uses 99% CPU (2,66GHz Xeon).

4000 iptables rules with mark for the fw filter use 89% CPU (2.66GHz Xeon).

But if I optimize iptables and make separate chains, then CPU is 20%.

Does anyone have other results or tests?


 
Andy Furniss
03-05-2005, 05:25 PM
Paweł Staszewski wrote:
> Hello
>
> Has anyone done tests comparing the performance of iptables marking with the
> u32 filter?
>
> A u32 filter with 4000 rules on a physical interface uses 99% CPU (2,66GHz Xeon).
>
> 4000 iptables rules with mark for the fw filter use 89% CPU (2.66GHz Xeon).
>
> But if I optimize iptables and make separate chains, then CPU is 20%.
>
> Does anyone have other results or tests?


You can classify directly with netfilter now.

Andy.
 
Paweł Staszewski
03-05-2005, 05:42 PM
Andy Furniss wrote:

> Paweł Staszewski wrote:
>> Hello
>>
>> Has anyone done tests comparing the performance of iptables marking with the
>> u32 filter?
>>
>> A u32 filter with 4000 rules on a physical interface uses 99% CPU (2,66GHz
>> Xeon).
>>
>> 4000 iptables rules with mark for the fw filter use 89% CPU (2.66GHz Xeon).
>>
>> But if I optimize iptables and make separate chains, then CPU is 20%.
>>
>> Does anyone have other results or tests?
>
> You can classify directly with netfilter now.
>
> Andy.


Hmm ... Andy, are you trying to say that iptables performs better at
classifying than u32 filters?




 
Andy Furniss
03-05-2005, 09:23 PM
Paweł Staszewski wrote:
> Andy Furniss wrote:
>
>> Paweł Staszewski wrote:
>>
>>> Hello
>>>
>>> Has anyone done tests comparing the performance of iptables marking with the
>>> u32 filter?
>>>
>>> A u32 filter with 4000 rules on a physical interface uses 99% CPU (2,66GHz
>>> Xeon).
>>>
>>> 4000 iptables rules with mark for the fw filter use 89% CPU (2.66GHz Xeon).
>>>
>>> But if I optimize iptables and make separate chains, then CPU is 20%.
>>>
>>> Does anyone have other results or tests?
>>
>> You can classify directly with netfilter now.
>>
>> Andy.
>
> Hmm ... Andy, are you trying to say that iptables performs better at
> classifying than u32 filters?


I haven't tested, but I guess direct classify will be better than mark +
filter.

Andy.
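
The two ideas raised in this thread, splitting a flat rule list into separate chains and classifying directly from netfilter, are combined in the following added example (not code posted by either participant). It assumes "classify directly" refers to the iptables CLASSIFY target; the 10.0.N.H addresses, the `sub_N` chain names and the class ids are constructed for illustration.

```shell
#!/bin/sh
# Constructed layout: 16 /24 subnets x 250 hosts = 4000 per-host rules.
SUBNETS=16
HOSTS=250

# Emit a mangle-table ruleset in iptables-restore format.
# POSTROUTING holds one dispatch rule per /24; each /24 gets its own chain
# with the per-host rules. CLASSIFY sets the tc class on the packet itself,
# so no MARK rule plus "tc filter ... handle N fw" lookup is involved.
gen_rules() {
    echo "*mangle"
    echo ":POSTROUTING ACCEPT [0:0]"
    n=0
    while [ "$n" -lt "$SUBNETS" ]; do
        echo ":sub_$n - [0:0]"
        n=$((n + 1))
    done
    n=0
    while [ "$n" -lt "$SUBNETS" ]; do
        echo "-A POSTROUTING -d 10.0.$n.0/24 -j sub_$n"
        n=$((n + 1))
    done
    n=0
    while [ "$n" -lt "$SUBNETS" ]; do
        h=1
        while [ "$h" -le "$HOSTS" ]; do
            # tc class minor ids are written in hexadecimal
            printf '%s sub_%d -d 10.0.%d.%d -j CLASSIFY --set-class 1:%x\n' \
                -A "$n" "$n" "$h" $((n * HOSTS + h))
            h=$((h + 1))
        done
        n=$((n + 1))
    done
    echo "COMMIT"
}

# Rules one packet is compared against. CLASSIFY (like MARK) does not end
# traversal, so a flat list is walked in full for every packet.
flat_worst()  { echo $((SUBNETS * HOSTS)); }
# With per-/24 chains: all dispatch rules plus one subnet chain.
split_worst() { echo $((SUBNETS + HOSTS)); }

# Parse-only check of the generated ruleset (needs root):
#   gen_rules | iptables-restore --test
```

With this layout a packet is checked against at most 266 rules instead of 4000, which is the kind of reduction the separate-chains measurement in the first post points to.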

 