List:       freebsd-isp
Subject:    Re: Large scale NAT
From:       Erik Norgaard <norgaard () locolomo ! org>
Date:       2007-05-11 12:37:43
Message-ID: 20070511143235.Y6855 () strange ! locolomo ! org

On Fri, 11 May 2007, Todor Dragnev wrote:

> Hello list,
>
> I have about 4000 users behind NAT. I use ipnat (ipf) on a single FreeBSD box
> (v6.2) to translate RFC1918 IP addresses to real ones.
>
> All works fine, but my CPU usage is very high and the router starts to drop
> packets and sometimes freezes.
> I fixed the freezing problem with POLLING, but CPU usage is still very high.
>
> Throughput on one interface is about 200Mbit/s, but next month I will need
> more speed to pass through this box and I am looking for a better solution.
>
> What is the throughput limit that I can expect from FreeBSD in this
> situation?
>
> Does anyone on the list have experience with large NAT tables?
> Is it time to switch to Cisco or something similar - any suggestions?

There is a comparison of ip-filter and packet filter here:

http://www.benzedrine.cx/pf-paper.html

Rather old now, but as I understand, pf does a better job when tables grow 
large when filtering is stateful.

Cheers, Erik

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"