On Wed, Apr 24, 2013 at 1:46 PM, Sami Halabi <sodynet1_at_gmail.com> wrote: > Oliver, > Great and impressive job. Thanks, > 3. there some point of improved performance (without fw) that went down > again somewhere before Clang got prod. => Yes, I'm still working on detected the commit that create this degradation. > For now i would continue using ipfw :-) Don't use this bench for comparing pf and ipfw performance: Using the single parameter "small packet per second throughput" is not enough for comparing firewalls performance. If you read RFC3511 (Benchmarking Methodology for Firewall Performance) you will notice that we need to compare lot's more parameters like: - IP throughput - Concurrent TCP Connection Capacity - Maximum TCP Connection Establishment Rate - Maximum TCP Connection Tear Down Rate - Denial Of Service Handling - HTTP Transfer Rate - Maximum HTTP Transaction Rate - Illegal Traffic Handling - IP Fragmentation Handling - Latency - etc... And I want to add another: High availability feature like with pfsync :-) Regards, OlivierReceived on Wed Apr 24 2013 - 10:11:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC