Re: Avoiding natd overhead
- From: Vladimir Grebenschikov <vova@xxxxxxx>
- Date: Sat, 21 Oct 2006 13:54:53 +0400
В сб, 21/10/2006 в 00:47 -0600, Brett Glass пишет:
I'm working with a FreeBSD-based router that's using IPFW for
policy routing, traffic shaping, and transparent proxying and natd
for network address translation. IPFW does these things pretty well
(in fact, I don't know if another firewall, like pf, could even do
some of these things I'm doing with IPFW), but natd is by far the
most CPU-intensive process on the system and is causing it to
crumple like a wet towel under heavy loads. How can I replace just
the functionality of natd without moving to an entirely new
firewall? Can I still select which packets are routed to the NAT
engine, and when this occurs during the processing of the packet?
Problem is in location of natd functionality.
So, every packet which goes through nat should jump from kernel to
user-space and back. It is really takes a lot of resources.
Solutions:
1. use PF for nat - it does aliasing in kernel space
2. use in-kernel libalias implementation
(I guess man-page for ng_nat(4) will help)
--Brett Glass--
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
Vladimir B. Grebenschikov
vova@xxxxxxx
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Avoiding natd overhead
- From: Brett Glass
- Re: Avoiding natd overhead
- References:
- Avoiding natd overhead
- From: Brett Glass
- Avoiding natd overhead
- Prev by Date: Re: Avoiding natd overhead
- Next by Date: Re: Avoiding natd overhead
- Previous by thread: Re: Avoiding natd overhead
- Next by thread: Re: Avoiding natd overhead
- Index(es):
Relevant Pages
|
|
