[quagga-users 12530] Re: bgp - quagga-0.99.18
if at xip.at
Mon Oct 24 02:15:53 IST 2011
>>> IPFW and traffic sharing is enabled (dummynet).
>> This is really a freebsd tuning question rather than a quagga specific
>> issue. However:
> Correct. I know something about how this would behave under Linux; FreeBSD performance is totally unknown to me.
>> - you really don't want to run firewalling on the same box as a border
>> router with full routing tables.
> Yes and no. You definitely don't want to be keeping state, and you want to limit packet processing to a minimum. However, if you can drop bad packets easily, it's cheaper to do so than to pass them to another box for handling.
I use ipfw at the border for filtering spoofed addresses and dummynet to
ratelimit vlan-interfaces - but you should avoid limiting routing
> If you're really pressed for CPU, you can investigate putting a box in between your router and your upstream, have it do transparent bridging, and drop some bad packets there. I haven't had to set that up here but it should work well.
>> - you probably want to enable device polling rather than using
>> interrupt-driven forwarding
> This is absolutely critical (and automatic) in Linux. No idea how FreeBSD behaves, but it has to do something similar or it'll fall over.
at my old platform with freebsd 6 (pentium-m) I needed polling to avoid
lock-ups; with the new one (freebsd 8 / core2-quad) the system works
just test it; for example generate packets with the linux traffic
generator kernel module.
with the core2-quad and desktop intel e1000 cards (it's an appliance) I'm
able to move 400kpps / 200mbit 64-byte packets;
with server-cards, especially 10gige cards 1mpps should be possible.
If you need no ipsec, you can enable fastforwarding.
check also manpage of network card (rx/tx buffer tuning) and: