Improving firewall performance

While waiting for OpenBSD 5.2 to be officially released, we’ll be releasing another security router (SR) update based on our current OpenBSD version, but with various improvements.

One of them is a rather interesting patch that has been floating around for some time, could nearly double the raw forwarding (routing) performance.

The patch was developed and tweaked by no fewer than OpenBSD’s Mike Belopuhov, David Gwynne, Henning Brauer, Theo de Raadt and Thordur Bjornson. The patch, which was committed as;r2=1.197;f=h could nearly double the raw forwarding (routing) performance. We’ve found that the HSR-100X (which performance is CPU bound) increased it’s routing (non-NAT) performance from around 400 Mbps to a whopping 800 Mbps. Pretty impressive.

The update will be released as 3.0-cookie-p22 in a near future.

Connect with us

Github Github