Hello,

Jacky Lam wrote:
> Yes, my config is like this:
>
> Computer A (10.1.4.1) <-----> (eth0: 10.1.4.5) Linux Switch (eth1:
> 11.1.4.5) <-------> Computer B (11.1.4.3)
>
> I each ip_forwarding and config the route table of Computer A,B. I get
> 500Mb/s from iperf while Linux Switch is 100% loaded.
> As I know this switching is done in IP level,

Your box is set up as a router, not a switch/bridge. Routing is done at the IP level, and switching/bridging is done at the ethernet level.

> I want to do the job in
> data link layer to get higher throughput/lower CPU usage.

Not sure you'll get higher throughput though. Bridging adds its own overhead.

> Then I tried the following configuration:
>
> Computer A (10.1.4.1) <-----> (eth0) Linux Switch (eth1) <------->
> Computer B (10.1.4.3)
>
> I tried to setup a bridge like this as some document said:
>
> iptables -t nat -A POSTROUTING -s 10.1.4.0/24 -d 10.1.4.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 10.1.4.0/24 -j MASQUERADE

What do you need these rules for? They are not needed for pure bridging.

> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth1
>
> ifconfig eth0 0 0.0.0.0
> ifconfig eth1 0 0.0.0.0

Ok.

> ifconfig br0 10.1.4.5 netmask 255.255.255.0 up
>
> echo '1' > /proc/sys/net/ipv4/ip_forward

This is IP-related and not required for pure bridging.

> But the throughput is only 200Mb/s and my Linux Switch is 100% loaded.
> What's wrong with that?

It may be the overhead caused by bridge-nf, netfilter, IPv4 conntrack and iptables. Try with /proc/sys/net/bridge/bridge-nf-call-iptables set to 0.

You did not explain what you want to do exactly with this box.
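
A way to check the bridge-nf state mentioned in the reply before changing it, as an added example that is not part of the original message. With `bridge-nf-call-iptables` at 0, iptables rules no longer see bridged frames, so a box that filters bridged traffic should be audited first. The function names and the optional root-directory argument are assumptions made here for illustration and testing.

```shell
#!/bin/sh
# Report which bridge-netfilter hooks are active, i.e. whether frames
# forwarded by a Linux bridge are also passed through iptables,
# ip6tables and arptables (the overhead the reply points at).
# The optional argument is a hypothetical override of /proc/sys so the
# function can be exercised against a constructed directory.

bridge_nf_report() {
    root="${1:-/proc/sys}"
    dir="$root/net/bridge"
    if [ ! -d "$dir" ]; then
        # The directory is absent when bridge netfilter is not loaded
        # (on newer kernels it lives in the br_netfilter module).
        echo "bridge-nf: not loaded"
        return 0
    fi
    for name in bridge-nf-call-iptables \
                bridge-nf-call-ip6tables \
                bridge-nf-call-arptables; do
        f="$dir/$name"
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" = "1" ]; then
            echo "$name=1 (bridged frames traverse this table)"
        else
            echo "$name=$val (bypassed for bridged frames)"
        fi
    done
}

# Exit status 0 if at least one hook is enabled, 1 otherwise.
bridge_nf_enabled() {
    bridge_nf_report "$1" | grep -q '=1 '
}

# Print the state of the running system.
bridge_nf_report
```

If the report shows a hook at 1 and the box is meant to be a pure bridge, writing 0 to the corresponding file is the change the reply suggests; if rules in the FORWARD chain are meant to filter bridged traffic, leave it at 1.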