Hi all, As I read into the forum, NATting (SNAT) is expensive, using iptables to translate IP sucks the performance of the system. I just want to know if IProute2 can handle NATting and if it handels NATting can it performed faster than iptables? thanks, Wennie
"Wennie V. Lagmay" wrote:> > Hi all, > > As I read into the forum, NATting (SNAT) is expensive, using iptables to > translate IP sucks the performance of the system. I just want to know if > IProute2 can handle NATting and if it handels NATting can it performed > faster than iptables? > > thanks, > > WennieNo, ip does not "do" NAT, only iptables does. But it is not THAT much of a performance hit; I''ll bet you can''t measure its effect. -- gypsy
You are correct, I''ve done some testing with iptables and I never seen any effect. Wennie ----- Original Message ----- From: "gypsy" <gypsy@iswest.com> To: "Wennie V. Lagmay" <wlagmay@yanbulink.net> Cc: <lartc@mailman.ds9a.nl> Sent: Monday, May 16, 2005 5:16 AM Subject: Re: [LARTC] IPRoute2 vs Iptables> "Wennie V. Lagmay" wrote: >> >> Hi all, >> >> As I read into the forum, NATting (SNAT) is expensive, using iptables to >> translate IP sucks the performance of the system. I just want to know if >> IProute2 can handle NATting and if it handels NATting can it performed >> faster than iptables? >> >> thanks, >> >> Wennie > > No, ip does not "do" NAT, only iptables does. But it is not THAT much > of a performance hit; I''ll bet you can''t measure its effect. > -- > gypsy
On Sun, May 15, 2005 at 03:40:05PM +0300, Wennie V. Lagmay wrote:> Hi all,hi> As I read into the forum, NATting (SNAT) is expensive, using iptables to > translate IP sucks the performance of the system.Who says that? I never experienced this even on large networks. In fact I saw cisco''s NAT repeatedly freeze while an old pentium with linux was doing fine in the same situation. BTW iproute''s NAT was apparently disabled some time ago because there were problems. I think it''s mentioned in the docs.> WennieBye, Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023 -- The product Microsoft sells isn''t the software; it''s comfort. The product that Linux vendors usually sell is freedom.
Your right Peter, I do my own testing and found out that iptables is not a system or cpu sucker. wennie ----- Original Message ----- From: "Peter Surda" <shurdeek@routehat.org> To: <lartc@mailman.ds9a.nl> Sent: Tuesday, May 17, 2005 12:04 AM Subject: Re: [LARTC] IPRoute2 vs Iptables> On Sun, May 15, 2005 at 03:40:05PM +0300, Wennie V. Lagmay wrote: >> Hi all, > hi > >> As I read into the forum, NATting (SNAT) is expensive, using iptables to >> translate IP sucks the performance of the system. > Who says that? I never experienced this even on large networks. In fact I > saw > cisco''s NAT repeatedly freeze while an old pentium with linux was doing > fine > in the same situation. > > BTW iproute''s NAT was apparently disabled some time ago because there were > problems. I think it''s mentioned in the docs. > >> Wennie > Bye, > > Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, > +436505122023 > > -- > The product Microsoft sells isn''t the software; it''s comfort. > The product that Linux vendors usually sell is freedom. > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
On Tue, May 17, 2005 at 10:17:37AM +0300, Wennie V. Lagmay wrote:> Your right Peter, I do my own testing and found out that iptables is not a > system or cpu sucker.On the other hand, if you use "bad practices" such as putting 1000s of rules into one chain, you may experience bad performance.> wennieBye, Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023 -- Reboot America.