Re: forwarding/ipfw/pf evolution (in pps) on -current

From: Olivier Cochard-Labbé <olivier_at_cochard.me>
Date: Wed, 24 Apr 2013 14:10:58 +0200
On Wed, Apr 24, 2013 at 1:46 PM, Sami Halabi <sodynet1_at_gmail.com> wrote:
> Oliver,
> Great and impressive job.

Thanks,

> 3. there some point of improved performance (without fw) that went down
> again somewhere before Clang got prod.

=> Yes, I'm still working on detected the commit that create this degradation.

> For now i would continue using ipfw :-)

Don't use this bench for comparing pf and ipfw performance: Using the
single parameter "small packet per second throughput" is not enough
for comparing firewalls performance.

If you read RFC3511 (Benchmarking Methodology for Firewall
Performance) you will notice that we need to compare lot's more
parameters like:
- IP throughput
- Concurrent TCP Connection Capacity
- Maximum TCP Connection Establishment Rate
- Maximum TCP Connection Tear Down Rate
- Denial Of Service Handling
- HTTP Transfer Rate
- Maximum HTTP Transaction Rate
- Illegal Traffic Handling
- IP Fragmentation Handling
- Latency
- etc...
And I want to add another: High availability feature like with pfsync :-)

Regards,

Olivier
Received on Wed Apr 24 2013 - 10:11:19 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC