[tproxy] tproxy performance issues on different 2.6 kernels

ferents zvika ferents at cs.bgu.ac.il
Tue Aug 29 11:22:36 CEST 2006


Hi,
I'm working on a firewall (reversed-proxy) that needs to provide the "foreign connection" feature.
My firewall reads the requests from clients and passes on the requests to the server, so I'm using the foreign-connect so that the server sees the real client's IP.

It seems that I have some performance problems:
- On kernel 2.6.15, even without the TPROXY patches, I get lousy performance. It seems that this is a well-known bug with E1000 drivers, so I can't use this kernel.
- On kernel 2.6.10 + tproxy 2.0.1, I got nice results without the tproxy patch, but when I added the tproxy I got lousy performance.
- On kernel 2.6.14.7 + tproxy 2.0.3, I got great results without the tproxy patch (4500 trans/sec), but when I added the tproxy it was 3 times slower (1500 trans/sec) with many "failed to create a socket" errors.

Now, since I would like to stick with the (almost) latest versions, I believe that 2.6.14.7 is enough for me, but I would appreciate knowing:
1. Are there any known performance issues with the 2.6.14.7 kernel or with tproxy-2.0.3?
2. My "kernel config" uses the following settings:
     CONFIG_NETFILTER=y
     CONFIG_IP_NF_CONNTRACK=y
     CONFIG_IP_NF_TPROXY=y
     CONFIG_IP_NF_IPTABLES=y
     CONFIG_IP_NF_NAT=y
     CONFIG_IP_NF_NAT_NEEDED=y

     Do I need all these settings to get the "foreign-connect", or can I skip some and gain better results?

Thank you very much,
zvi ferents
