Hi Alfredo,

Thanks for the reply. Because I want the traffic to go through the netfilter module since we have some iptables rules.

Regards,
Giray

From: [email protected]
Date: Fri, 30 Jan 2015 11:56:22 +0100
To: [email protected]
Subject: Re: [Ntop-misc] Pf_ring - libpcap performance issue

Hi Giray

copying packets from kernel space to user space is costly, that’s why you see this performance drop, packet forwarding is also affected because you are adding overhead.
Can I ask you why you cannot bypass the kernel?

Alfredo

On 29 Jan 2015, at 09:48, Giray Simsek <[email protected]> wrote:

Hi,

I'm currently working on testing Linux network performance. I have two Linux machines in our test setup. Machine1 is the attacker machine from which we are sending SYN packets to Machine2 at a rate of 3million pps. I'm able to receive these packets on Machine2's external interface and forward them through the internal interface without dropping any packets. So far no problems.

However, when I start another app that captures traffic on Machine2's external interface using libpcap, the amount of traffic that is forwarded drops significantly. Obviously, this second libpcap app becomes a bottleneck. It can capture only about 800Kpps of traffic and only about 800Kpps can be forwarded in this case.

Since I hit this bottleneck I performed the same test using pf_ring aware libpcap using pfcount. The amount of traffic that we captured was better now (~ 1.2 Mpps) but still the forwarded traffic was limited by the capturing application. Only about ~1.2 Mpps is forwarded. Roughly the same amount as captured. I used transparent_mode=1. I don't use DNA since I don't want to bypass kernel.

What I don't understand is why is the capturing performance limiting the forwarding performance? If I set a filter on libpcap and capture just a small amount (say 100Kpps) of the incoming traffic, then the forwarding performance is not affected? Any ideas to overcome this problem? Are there any pf_ring related solutions?

Both machines are running Linux kernel 3.15.

Thanks in advance.
Giray

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
