[Soekris] Maximum throughput on Soekris 4521

[Harald Kubota]

Christian van den Bosch wrote:

>On Wed, 6 Aug 2003, Harald Kubota wrote:
>  
>
>>This is a bit less than 100MBit/s what it could have been theoretically.
>>    
>>
>Bear in mind that the kernel will most likely be doing store-and-forward,
>unless you the NIC driver was compiled to support direct forwarding, so
>unless the application you were using buffer-stuffs (i.e. writes a packet
>or two ahead of what it's got acks for) this will have a significant
>impact on throughput. What was CPU load like? what happens if you do two
>transfers at the same time? in the same direction? in opposite directions?
>  
>
Whoa! I did quick tests last week, no time for benchmark suites! ;-)

I wanted to know whether Linux 2.6 can handle more than 12 Mbit/s using
non-trivial firewall rules and NAT. Since I got far more than 12 MBit/s
throughput, I was happy and the net4521 works for what I planned it
to be used for.

Back to your concerns:

I could have used fast-forwarding in the Linux kernel, but that's
incompatible with firewalling. Which is what I need.

So, yes, it probably can forward packets faster given the correct kernel
options (especially with the zero-copy-TCP-capable natsemi driver),
but that's not what I wanted to know. I wanted the store-and-forward
as AFAIK firewalls do that.

If Linux and/or FreeBSD/OpenBSD can do firewalling with zero-copy-TCP, please
someone enlighten me.

Since I have the hardware encryption Mini-PCI board and Linux does not 
support it
(beside some old patch for some old FreeS/WAN) and since I want to use 
IPSec,
I never planned to use Linux anyway. It was just the quickest test I 
could use to
check out the forwarding speed.

As soon as I have FreeBSD up and running, I'll do more tests. Especially 
IPSec
tests. And with real-life firewall rules and NAT. And with more 
benchmark programs,
not only netperf.

Benchmark-suite, here we come!

Until then,
Harald