[quagga-users 12530] Re: bgp - quagga-0.99.18

Ingo Flaschberger if at xip.at
Mon Oct 24 02:15:53 IST 2011

>>> IPFW and traffic sharing is enabled (dummynet).
>> This is really a freebsd tuning question rather than a quagga specific
>> issue.  However:
> Correct. I know something about how this would behave under Linux; FreeBSD performance is totally unknown to me.
>> -  you really don't want to run firewalling on the same box as a border
>> router with full routing tables.
> Yes and no. You definitely don't want to be keeping state, and you want to limit packet processing to a minimum. However, if you can drop bad packets easily, it's cheaper to do so than to pass them to another box for handling.

I use ipfw at the border for filtering spoofed addresses and dummynet to 
ratelimit vlan-interfaces - but you should avoid limiting routing 

> If you're really pressed for CPU, you can investigate putting a box in between your router and your upstream, have it do transparent bridging, and drop some bad packets there. I haven't had to set that up here but it should work well.
>> -  you probably want to enable device polling rather than using
>> interrupt-driven forwarding
> This is absolutely critical (and automatic) in Linux. No idea how FreeBSD behaves, but it has to do something similar or it'll fall over.

at my old platform with freebsd 6 (pentium-m) I needed polling to avoid 
lock-ups; with the new one (freebsd 8 / core2-quad) the system works 
better without.
just test it; for example generate packets with the linux traffic 
generator kernel module.

with the core2-quad and desktop intel e1000 cards (it's an appliance) I'm 
able to move 400kpps / 200mbit 64-byte packets;
with server-cards, especially 10gige cards 1mpps should be possible.

If you need no ipsec, you can enable fastforwarding.

check also manpage of network card (rx/tx buffer tuning) and:

Kind regards,
 	Ingo Flaschberger
