Re: [LARTC] Linux router performance

2006-05-31 Thread Andreas John
Hi,

Maybe:
Khan, Sohel; Waheed, Abdul (2003): High Performance Routing on PCs
http://www.ccse.kfupm.edu.sa/~sohel/networking/references/Routing.pdf

A rule of thumb:
- with current COTS hardware and (standard) PCI Bus, you can reach the
maximum of the PCI bus bandwidth. That's 1 GB/s, e.g. two NICs with 500
Meg/s each (one in and one out)
- with PCI-X and in the future PCI-express you'll for sure be able to
reach more performance. I didn't find a sponsor for a test-lab yet :)
- in DoS scenarios it may get worse :/ It heavily depends on driver type
(polling and NAPI preferred). The problem with the performance is
_always_ the number of interrupts, nothing else is a bottleneck (well,
we didn't talk about thousands of iptables rules yet, but you ask for a
'maximum').
- The question you have to ask in high-performance scenarios is not
"MBit/s" but MPPS (megapackets per second). FreeBSD and Linux broke the
1 MPPS barrier some time ago (on dual Xeons).

rgds,
Andreas

Fermín Galán Márquez wrote:
> Hi,
> 
> I wonder about the performance of a Linux box used as router (I guess I'm
> not the first :). Although I know it mainly depends on the hardware, I'm
> trying to find some references on the topic or comparisons with other
> routing solutions (FreeBSD box used as router, Cisco, etc). For example,
> http://facweb.cti.depaul.edu/jyu/Publications/Yu-Linux-TSM2004.pdf
> (although it is related to Linux bridging more than to Linux routing) shows
> in Figure 14 that with an AMD Duron 1.3GHz 512M RAM a throughput of 90 Mbps
> can be achieved.
> 
> Does anybody know of any other similar analysis, please?
> 
> Best regards,
> 
> 
> Fermín Galán Márquez
> CTTC - Centre Tecnològic de Telecomunicacions de Catalunya
> Parc Mediterrani de la Tecnologia, Av. del Canal Olímpic s/n, 08860
> Castelldefels, Spain
> Room 1.02
> Tel : +34 93 645 29 12 
> Fax : +34 93 645 29 01
> Email address: [EMAIL PROTECTED] 
> 
> ___
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 



[LARTC] iproute2 dump nat

2006-02-22 Thread Andreas John
Sorry for disturbing you, but I am not aware of a specialized forum/ml for
iproute2. I am trying to use iproute2's dumb nat; I tried with kernels 2.4.27, .32
and 2.6.8.
While DNAT is working fine, I am not able to do any SNAT:

2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:e2:10:88:5f brd ff:ff:ff:ff:ff:ff
inet 10.10.20.10/24 brd 10.135.28.255 scope global eth0
inet6 fe80::204:e2ff:fe10:885f/64 scope link
   valid_lft forever preferred_lft forever
3: eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:e2:10:80:d2 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 scope global eth1

I defined an ip rule:

lb-test-11:/usr/src/packages# ip rul sh
0:  from all lookup local
32764:  from 192.168.3.2 lookup main map-to 10.10.20.11
32766:  from all lookup main
32767:  from all lookup default

Packets coming in here (from 192.168.3.2):
# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
16:53:07.472210 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1366
16:53:08.471939 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1367
16:53:09.471768 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1368


and go out here (they are _from_ 192.168.3.2, so policy 32764 should match):
# tcpdump -n -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:54:45.454799 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1464
16:54:46.454559 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1465
16:54:47.454396 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1466

Source NAT is not taking place. And no, I don't have any iptables rules in
PREROUTING.
Am I too dumb for this, or am I missing the point? Is there a way to log what policies
are "hit" by packets?

Best Regards,
Andreas
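
The comparison done by eye in the post above (a map-to policy rule against the sources tcpdump shows on the egress interface) can be scripted. This is an added example, not part of the original post or of iproute2: check_snat is a hypothetical helper, the sample input is copied from the output quoted in the post, and it assumes rules with a single host address after "from" and capture lines in "tcpdump -n" format.

```shell
#!/bin/sh
# Added example. check_snat is a hypothetical helper, not part of iproute2.
# $1 = text of "ip rule show", $2 = "tcpdump -n" lines from the egress NIC.
check_snat() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---" { capture = 1; next }
    !capture {
        # Rule line: "32764:  from 192.168.3.2 lookup main map-to 10.10.20.11"
        src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "from") src = $(i + 1)
            if ($i == "map-to" && src != "" && src != "all") {
                prio[src] = $1; sub(/:$/, "", prio[src])
                mapto[src] = $(i + 1)
            }
        }
        next
    }
    $2 == "IP" {
        # Capture line: "<time> IP <src>[.port] > <dst>[.port]: ..."
        s = $3
        if (split(s, p, ".") == 5) s = p[1] "." p[2] "." p[3] "." p[4]
        seen[s]++
    }
    END {
        # One report line per map-to rule: packets still carrying the
        # original source versus packets carrying the mapped source.
        for (src in mapto) {
            raw = seen[src] + 0; nat = seen[mapto[src]] + 0
            verdict = (raw > 0) ? "UNTRANSLATED" : ((nat > 0) ? "OK" : "NO_TRAFFIC")
            printf "rule=%s from=%s map-to=%s untranslated=%d translated=%d verdict=%s\n", \
                prio[src], src, mapto[src], raw, nat, verdict
        }
    }'
}

# Sample input copied from the output quoted in the post.
RULES='0:  from all lookup local
32764:  from 192.168.3.2 lookup main map-to 10.10.20.11
32766:  from all lookup main
32767:  from all lookup default'
EGRESS='16:54:45.454799 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1464
16:54:46.454559 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1465
16:54:47.454396 IP 192.168.3.2 > 10.10.20.80: icmp 64: echo request seq 1466'

check_snat "$RULES" "$EGRESS"
```

On a live box the two arguments would be "$(ip rule show)" and a saved capture from the outgoing interface.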
