2002-10-02 17:31:39

by Roberto Nibali

[permalink] [raw]
Subject: Re: [ANNOUNCE] NF-HIPAC: High Performance Packet Classification

Hi,

>>I will do a new round of testing this weekend for a speech I'll be
>>giving. This time I will include ipchains, iptables (of course I am
>>willing to apply every interesting patch regarding hash table
>>optimisation and whatnot you want me to test), nf-hipac, the OpenBSD pf
>>and of course the work done by Jamal.
>
> Look forward to any info you can provide.

Unfortunately (as always) there were tons of delays that didn't allow me
to finish the complete test suite as I hoped I could but I sent some
information off this list to Jamal and the nf-hipac guys about previous
test result. See below. I hope I can do more tests this weekend ...

> I particularly like that nf-hipac can be put in and tried in one-to-one
> comparison, that leaves an easy route to testing and getting confidence in
> the code.

Yes and it was very convincing after the first few tests Some prelimiary
test with raw TCP throughput have given me following really cool results:

TCP RAW throughput 100Mbit/s max MTU:
-------------------------------------
[email protected]:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/s

87380 16384 16384 60.01 88.03 <------
[email protected]:~/netperf-2.2pl2 >


TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [iptables]:
----------------------------------------------------------------------
[email protected]:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec

87380 16384 16384 60.12 3.28 <------
[email protected]:~/netperf-2.2pl2 >


TCP RAW throughput 100Mbit/s max MTU with 10000 non-matching rules + 1
last matching rule at the end of the FORWARD chain [nf-hipac]:
----------------------------------------------------------------------
[email protected]:~/netperf-2.2pl2 > ./netperf -H 192.168.1.141 -p 6666 -l 60
TCP STREAM TEST to 192.168.1.141
Recv Send Send
Socket Socket Message Elapsed
Size Size Size Time Throughput
bytes bytes bytes secs. 10^6bits/sec

87380 16384 16384 60.03 85.78 <------
[email protected]:~/netperf-2.2pl2 >


For nf-hipac I also have some statistics:
-----------------------------------------
bloodyhell:/var/FWTEST/nf-hipac # cat /proc/net/nf-hipac
nf-hipac statistics
-------------------

Maximum available memory: 65308672 bytes

Currently used memory: 1764160 bytes

INPUT:
- INPUT chain is empty

FORWARD:
- Number of rules: 10002
- Total size: 1033010 bytes
- Total size (allocated): 1764160 bytes
- Termrule size: 80016 bytes
- Termrule size (allocated): 320064 bytes
- Number of btrees: 30007
* number of u32 btrees: 10003
+ distribution of u32 btrees:
[ 2, 4]: 10002
[ 16384, 32768]: 1
* number of u16 btrees: 10002
+ distribution of u16 btrees:
[ 1, 2]: 10002
* number of u8 btrees: 10002
+ distribution of u8 btrees:
[ 2, 4]: 18

OUTPUT:
- OUTPUT chain is empty

bloodyhell:/var/FWTEST/nf-hipac #

Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc