netfilter performance dependent on arch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Hi,

Can anyone point me to some performance comparison of netfilter on i686
and x86_64? I have a few linux routers doing a lot of firewalling and
QoS. Currently those routers use i686 arch on 64-bit hardware. Would I
notice any performance gain after moving to 64-bit kernel?

Next question. On some routers I don't need statefull firewall at all
and I have NOTRACT as a default rule in raw netfilter table. What is
the expected performance gain if I would fully disable conntrack
instead of using NOTRACK target? What would be the best approach to do
it on debian squeeze distribution kernel (nf_conntrack compiled as a
module)? Is blacklisting nf_conntrack module enough (to be safe in case
of accidental addition of statefull rule)?

best regards,
Marek Kierdelewicz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Linux Netfilter Development]     [Linux Kernel Networking Development]     [Linux Networking Development]     [Linux Kernel Development]     [Linux Resources]     [LARTC]     [Bugtraq]     [Consulting]     [Free Internet Dating]     [Yosemite Forum]     [Photo]

Add to Google Powered by Linux