> This is interesting functionality, but I think we need to look at it a bit
> closer for our use case. Is there any benefit in running this in a firewall
> scenario? That's primarily what Scott and I (pfsense) are interested in. In
> our world, if you're pushing 50Kpps+, you're almost certainly falling into
> the "small ISP doing IP forwarding" scenario with hundreds of thousands of
> unique destinations. Where we usually see these kinds of loads are small
> ISPs, web hosting companies, or universities (which are functionally not
> much diff from a small ISP), all of which I'm familiar with falling into the
> "better off disabling" category. I also suspect pf's locking negates some or
> all of the benefits here.

If you lack any locality, i.e. within a 30 second window most of the recipients are distinct, then it is not likely to be beneficial. I encourage you to test with and without.

> I suspect it's not applicable to the specific workload our users normally
> have, where you're almost entirely doing IP forwarding, and initiating very
> little if any traffic. bz_at_ said it's not something you want on a router. Is
> that a fair assessment?

Probably. As I say, please test with vs. without. Odds are you are correct that even with locality the contention in PF will mask any benefit.

Thanks,
Kip

Received on Sun Jul 12 2009 - 22:50:31 UTC