NAT performance

Hi,

I have done some tests, and I'm surprised by the poor result with NAT.
I have a Linux firewall, 2.6.8 kernel, with one card for the public network and one card for the LAN.
All cards are gigabit cards.
I have 10 PCs which are each in a VLAN, with a gateway which is the virtual VLAN interface on the firewall, linked to the LAN card.
I have 5 switches with a 100Mbit/s uplink to the firewall (with a gigabit backbone switch). I have 2 PCs under each switch. So in theory each PC has 50Mbit/s of bandwidth.
Each PC has 10 alias IPs, so I have 10 networks with 10 virtual clients under each network.
So each virtual client (100) has 5Mbit/s of bandwidth.
On the firewall each VLAN network is SNATed to go out to the Internet.
My bandwidth test is done with TPTEST, and a TPTEST server on the public network of the firewall.
My procedure is: tcp-receive of 50 MB
launch the test for 1 virtual client and get the time
launch the test for 2 virtual clients together and get the time for each
....
launch the test for 100 virtual clients ...


When I do my test without NAT, just routing, the total bandwidth used is close to 500Mbit/s, which is great!
But when I do my test with NAT, the total bandwidth used is close to 170Mbit/s! So I have an important drop in performance!
And this bandwidth is the same from 20 virtual clients to 100 virtual clients.
So I understand that NAT needs to rewrite all packets... but here the performance is very poor.
Could someone explain to me why?


Thanks a lot
Christophe SUIRE

