[afnog] IPfw + natd

Thu Dec 1 19:08:58 EAT 2005

On Thu, Dec 01, 2005 at 05:06:34PM +0200, Mark Tinka wrote:
> Hello.
> 
> I'm testing IPfw + natd on FreeBSD 6.0 for Sparc/64. For 
> the most part, it's working, but I can't help feeling 
> like it's a tad sluggish - bumping connections a few 
> times.

	To add to Brian's questions -- what traffic are you running through it ?
	(capacity).  On heavy loads it helps to go into polling mode
	so that context switches to userland (as you point out natd runs --
	for the moment -- in userland, it will be possible in 7.0, maybe 6.x
	to do in-kernel NAT) get a chance to be schedules fairly.

> Because IPfw + natd run in userland, could it be slower 
> because it's not processed in the kernel? Anyone else 
> experience anything like this?

	Possibly, on very heavy loads.