Subject: Re: ipfilter performance with 'count' rules on NetBSD-1.4/i386
To: None <current-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 09/14/1999 12:20:33
blackbox@openface.ca (Erik Rungi) writes:
> Rules | latency(1) | thpt| latency(2)
> 800 | 1.9/2.0/3.4 | 830 | 2.4/14.3/42.9
> 600 | 1.6/1.6/2.5 | 840 | 1.6/11.6/26.6
> 400 | 1.3/1.3/4.7 | 795 | 1.3/10.9/39.4
> 300 | 1.2/1.2/2.0 | 795 | 1.2/11.6/26.4
> 200 | 1.0/1.1/6.9 | 840 | 1.1/8.6/23.2
> 100 | 0.9/0.9/4.2 | 790 | 0.9/12.0/31.8
> 2 | | 815 | 0.7/7.8/19.8
Thanks for sharing this. I was somewhat concerned about having 60 ipf
input rules where having on performance. I guess I needn't have
worried.
> Please do not interpret this email as an attack or a complaint against
> IPFILTER or any of the operating systems that use it. I understand that my
Heck no. This sounds like a confirmation that for simple filtering
IPF has almost no effect. From the data it looks like ipf adds
roughly 0.1 - 0.2 ms per 100 rules. Thats well below anything I'm
worried about.
-wolfgang
--
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet http://www.wsrcc.com/wolfgang/gps/dgps-ip.html