On 9/28/05, Paul Taylor <PaulTaylor at winn dash dixie dot com> wrote:
> I have also noticed that throughput isn't as good as I would expect.
> With the latest 1.2 beta on my net4801, I'm only seeing 18 Mbps from
> interface to interface... I measured this by watching the traffic graph as
> I performed a copy of some large files this past weekend.
That seems pretty slow too, though there are any number of reasons
that file transfers might be slower than you're used to. And not
nearly as dramatically bad as the first poster.
I've done extensive throughput testing on 4501, 4801, WRAP, and misc
PC hardware, and I"m setup to repeat those same tests. 1.11, 1.2b3
(first before FreeBSD 5.3), and 1.2b8 and b9 have all performed the
same for me, but I haven't yet gotten around to testing b10. Will do
so within the next week or so.
> I believe a similar test that I used with version 1.11 I got about 33 Mbps
> on the same hardware.. I don't know how much the rules have changed since
> then, but the way I understand ipf, it doesn't check every single packet
> against each rule, but just the first packet for a conversation. Since
> subsequent packets are part of an existing allowed conversation, I believe
> they are allowed through without going down the entire rule list. (Someone
> please correct me if I'm wrong on this)
that's right, they pass through since they're in the state table. if
packets aren't in the state table and aren't initiating a connection,
they're dropped by back end rules.