Hi,

> Can you post some numbers relative to iptables?

We have some performance tests available at:
http://www.hipac.org/performance_tests/overview.html

We also have a list of the independent performance tests we know of:
http://www.hipac.org/performance_tests/independent.html

> Some tests with the following parameters would be helpful:
> - Variable incoming packet rate (in packets per second)
> - Variable packet sizes
> - Variable number of users/filters
> - Effect of adding/removing/modifying policies while under different
>   incoming traffic rates.

Most of these parameters are used in the performance tests above.
The effect of adding/removing/modifying policies while under different
incoming traffic rates has not been tested in the above tests.

nf-HiPAC is based on a completely dynamic approach. This means that the
algorithm used in HiPAC makes sure that the lookup data structure is not
rebuilt from scratch again as soon as you make an update of the data
structure. Instead, during an update of the policies only the required
changes of the lookup data structure are made. This guarantees that the
packet processing is only affected to the least possible amount during
updates.

It would certainly be nice to see some benchmark results for this case.
nf-HiPAC is expected to handle this very well, because it was designed
with this case in mind.

Regards

+---------------------------+
|      Michael Bellion      |
|   <mbellion@xxxxxxxxx>    |
+---------------------------+