"For us, open source isn't just a business model; it's smart engineering practice." -- Bruce Schneier

I hope I'm not the only one, but I think the NSA (and other state actors) intentionally introducing systemic weaknesses or backdoors into critical infrastructure is pretty ... reckless. I really can't figure out if it's arrogance or just plain naivety on their part, but they seem pretty confident that the information won't ever fall into the wrong hands and keep pushing forward.

So for me, this is an area I'm very interested in seeing some progress.

I think most people don't realize that if you only care about 1G performance levels, commodity hardware can be more than fine. Linux netfilter makes a really great firewall, and it's the most peer-reviewed in the world.

On Wed, Jan 28, 2015 at 6:18 PM, Adrian Chadd <adrian@creative.net.au> wrote:
[snip]
To inject science into the discussion:
http://bsdrp.net/documentation/examples/forwarding_performance_lab_of_an_ibm...
And he maintains a test setup to check for performance regressions:
http://bsdrp.net/documentation/examples/freebsd_performance_regression_lab
Now, this is using the in-kernel stack, not netmap/pfring/etc that uses all the batching-y, stack-shallow-y implementations that the kernel currently doesn't have. But, there are people out there doing science on it and trying very hard to kick things along. The nice thing about what has come out of the DPDK related stuff is, well, the bar is set very high now. Now it's up to the open source groups to stop messing around and do something about it.
If you're interested in more of this stuff, go poke Jim at pfsense/netgate.
-adrian (This and RSS work is plainly in my "stuff I do for fun" category, btw.)
--
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net