How much overhead does IPFW incur?
The answer to this depends mostly on your rule set and processor speed. For most applications dealing with Ethernet and small rule sets, the answer is, negligible. For those of you that need actual measurements to satisfy your curiosity, read on. The following measurements were made using 2.2.5-STABLE on a 486-66. IPFW was modified to measure the time spent within the ip_fw_chk routine, displaying the results to the console every 1000 packets. Two rule sets, each with 1000 rules were tested.
The answer to this depends mostly on your rule set and processor speed. For most applications dealing with ethernet and small rule sets, the answer is, negligible. For those of you that need actual measurements to satisfy your curiosity, read on. The following measurements were made using 2.2.5-STABLE on a 486-66. IPFW was modified to measure the time spent within the ip_fw_chk routine, displaying the results to the console every 1000 packets. Two rule sets, each with 1000 rules were tested. The first set was designed to demonstrate a worst case scenario by repeating the rule: ipfw add deny tcp from any to any 55555 This demonstrates worst case by causing most of IPFW’s packet check routine to be executed before finally deciding that the packet does not match the rule (by virtue of the port number). Following the 999th iteration of this rule was an allow ip from any to any. The second set of rules were designed to abort the rule check quickly: ipfw add deny ip from 1.2.3.4 to 1.2.3.4 T
Related Questions
- If I am denied airline boarding access because I am contagious, will the MEDEX program pay for any expenses I incur due to the extended stay and will they change my flight?
- When creating queries, which keyword will create a sort and incur I/O and processing overhead?
- How much overhead does IPFW incur?
