Aleksandar Lazic al-nginx at
Tue May 20 09:47:41 MSD 2008

On Sun 18.05.2008 07:30, Rt Ibmer wrote:
>Aleks wrote:
>>Is it possible to deactivate the iptables, due to the fact that a lot of
>>the high performance setups out there have seen that the connection
>>tracking with iptables has really bad performance impacts?
>Thanks for your reply.  Can you elaborate on what the "really bad
>performance impacts" are on this?

--- on page 6
Figure 7, 8 displays the results on conntrack: the maximal performance
halved compared to the plain routing case and the maximal new connection
rate is around 25,000 new connections/s, while the packet rate is about
330-340,000 pps. It is clear that connection tracking is an expensive
operation, which requires a lot of resources from the system.



