Stef Coene wrote:
> > Stef,
> >
> > We have about 3200 iptables rules on our bridge. I've tested today to
> > remove 1000 of these rules. The load dropped from about 40% to 25%. So I
> > think the iptables rules take up most of the CPU load. Do you think this
> > is a problem of inefficiency of iptables or just a 'limitation' in the
> > TCP/IP stack of Linux?
> I don't think it's a limitation. I think you reached the point where you need
> a bigger machine :)

Some topic-related observations:

AMD Athlon XP1700+ (1466), 4xRealtek8139, 5-6Mbit/s - nearly reaching the limit of machine capabilities
P4 2000, 3com905C+BROADCOM BCM5701, 40-50Mbit/s - far better behavior

Same configuration on both, thousands of iptables rules, and on the P4 machine there are 200-250 concurrent pppoe sessions (none on the Athlon).

> Maybe you can try the iptables mailing list to find more info about the
> performance you can expect:
> http://lists.netfilter.org/mailman/listinfo/netfilter
>
> Stef
>
> --
> stef.coene@xxxxxxxxx
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
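The thread above reports that dropping a third of a 3200-rule set cut CPU load noticeably, which is what you expect when every packet walks a long chain linearly. Before deciding between a bigger machine and a restructured ruleset, it helps to know which chains are actually long. The script below is an added example, not code from the thread or from the iptables project: it reads `iptables-save` output on stdin and reports rules per chain. The dump embedded in `SAMPLE_DUMP` is constructed sample input, not anyone's real ruleset; in practice you would pipe `iptables-save` into `rules_per_chain`.

```shell
#!/bin/sh
# Added example (not from the LARTC thread): count rules per chain in an
# iptables-save dump so the longest linearly-traversed chains stand out.
# SAMPLE_DUMP is constructed test data, not a real ruleset.

SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 10.0.0.1/32 -j ACCEPT
-A FORWARD -s 10.0.0.2/32 -j ACCEPT
-A FORWARD -s 10.0.0.3/32 -j ACCEPT
-A FORWARD -s 10.0.0.4/32 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# rules_per_chain: read an iptables-save dump on stdin and print
# "CHAIN COUNT" lines, most rules first. Only "-A" lines are rules;
# ":CHAIN POLICY [pkts:bytes]" lines merely declare a chain.
rules_per_chain() {
    awk '/^-A / { n[$2]++ } END { for (c in n) print c, n[c] }' | sort -k2,2nr
}

# longest_chain: name of the chain with the most rules (stdin: dump)
longest_chain() {
    rules_per_chain | head -n 1 | cut -d' ' -f1
}

# chain_rule_count CHAIN: number of rules in one chain, 0 if it has none
chain_rule_count() {
    awk -v chain="$1" '/^-A / && $2 == chain { n++ } END { print n + 0 }'
}

# chains_over THRESHOLD: chains whose rule count exceeds THRESHOLD; a
# packet that reaches the end of such a chain has been tested against
# every one of those rules, so these are the chains worth splitting.
chains_over() {
    rules_per_chain | awk -v t="$1" '$2 > t { print $1 }'
}

# Demo on the constructed dump: `sh this_script.sh --demo`
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DUMP" | rules_per_chain
fi
```

The counts are a proxy for per-packet cost: a packet is matched against each rule in a chain until one terminates evaluation, so a 3000-rule FORWARD chain costs far more than the same rules spread over user-defined chains reached by a coarse first-level match (for example, per interface or per source range). Run `iptables-save | sh this_script.sh` with the functions sourced, or `sh this_script.sh --demo`, to see the breakdown.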