Gateway Box Iptables Overhead (was Re: Iptables initialization)

Bill's LFS Login lfsbill at
Sat Feb 14 08:48:25 PST 2004

On Sat, 14 Feb 2004, Jörg W Mittag wrote:

> Archaic wrote:
> > On Fri, Feb 13, 2004 at 12:08:40PM -0500, Bill's LFS Login wrote:
> >> As a point of curiosity for me, I have been interested in learning some
> >> of the aspects of the overhead associated with filtering (effectively)
> >><snip>

> A small ISP here in south west Germany uses cheap Linux boxes instead of
> Cisco or Juniper as routers and packet filters in many places. They have
> mainly Pentiums and a few 486 routing 10 and 100 MBit/s Ethernet lines.

Smart crew!

> Actually, it seems that the limiting factor is bus bandwidth, not CPU power.
> (ISA won't handle 100 MBit/s and PCI won't handle 1 GBit/s.) This is
> especially true, if you don't use extra-cheap Taiwanese NICs, that don't
> even have buffers and generate one interrupt for each and every frame they
> receive, but even the slowest Pentium II should be able to saturate multiple
> 100 MBit/s Ethernet links using RealTek NICs.

Rats! I can't give a P-II to the task, but I could use one of my two
P55s (one at 166MHz w/PCI and ISA, one 200MHz, but I wanted that as
another ws/test box).

Thanks for the info. I may still try the 100MHz one, my LAN<->'net1s
activity is not that high. Unfortunately, I only have 10BaseT (and must
use ISA on that box). But it is a 3COM card, so I suspect I'll not see

> jwm

Thanks for taking the time. This has helped!

Darn, looks like we hijacked the original thread, which was not my
intention. For any other folks that will reply, please use this thread.


