Re: Large scale NAT
- From: Erik Norgaard <norgaard@xxxxxxxxxxxx>
- Date: Fri, 11 May 2007 14:37:43 +0200 (CEST)
On Fri, 11 May 2007, Todor Dragnev wrote:
> Hello list,
>
> I have about 4000 users behind NAT. I use ipnat (ipf) on a single FreeBSD box
> (v6.2) to translate RFC1918 IP addresses to real ones.
> All works fine, but my CPU usage is very high and the router starts to drop
> packets and sometimes freezes.
> I fixed the freeze problem with POLLING but CPU usage is still very high.
> Throughput on one interface is about 200Mbit/s, but next month I will need
> more speed to pass through this box and I am looking for a better solution.
> What is the throughput limit that I can expect from FreeBSD in this
> situation?
> Does anyone on the list have experience with large NAT tables?
> Is it time to switch to Cisco or something similar - any suggestions?

There is a comparison of ip-filter and packet filter here
http://www.benzedrine.cx/pf-paper.html
Rather old now, but as I understand, pf does a better job when tables grow large when filtering is stateful.
Cheers, Erik
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"