|
Hello,
On Mon, 4 Mar 2002, Michael McConnell wrote:
> Hello all, I know this has been discussed quite extensively, but I'm having
> a hard time understanding this section of the howto:
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-12.html#ss12.1
> 4
Look at the original posting:
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=99554689108488&w=2
> Quote:
>
> Linux 2.2 (with ipchains support, with modified demasq path to use one input
> routing call, something like LVS uses in 2.4 but without dst cache usage):
Note that I used a modified demasq path which uses
one input route for NAT but it is wrong. It only proves that
2.2 can reach the same speed as 2.4 if there was use_dst
analog in 2.2. Without such feature the difference is 8%.
OTOH, there is a right way to implement one input route call
as in 2.4 but it includes rewriting of the 2.2 input processing.
> >From what I see here, it looks as though the 2.2 kernel handles a higher
> numberof SYN's better than the 2.4 kernel. Am I to asume, that the for the
> 110,000SYNs/sec in the 2.4 kernel, only 63,000 SYNs/sec were answers? The
> rest failed?
In this test 2.4 has firewall rules, while 2.2 has only
ipchains enabled.
> Is the 2.2 kernel better at answer a higher number of requests?
No. Note also that the testlvs test was only in one
direction, no replies, only client->director->realserver
> Also, has anyone compared IPTABLES / IPCHAINS, via 2.2 / 2.4
I tried to test them, here are my results:
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=100903333532449&w=2
There is a magic in these tests, I don't know at one place
why Netfilter shows so bad results, may be someone can point to me
where is the problem.
> Thanks, Michael
Regards
--
Julian Anastasov <ja@xxxxxx>
|
