[Bridge] Measuring Bridge Performance (+ebtables/iptables)

Michael Rennt m.rennt at gmx.net
Tue Feb 20 06:52:12 PST 2007


Hello,

has anyone done any performance measuring of Linux Bridge + firewalling?

I did search the net for a long time, to find out what would be the best way to measure the
(maximum) performance/throughput. I didn't really come to a conclusion I'm satisfied with.

Nevertheless I did create a small bridged test setup with 4 servers (gbit nics) and a linux bridge
(2 x 100 mbit nic), all on 2.6.19. Two servers are in the MZ and two in the DMZ, the bridge is (of
course) in the middle. There are two gbit switches (MZ and DMZ). iptables has ~400 rules loaded.

For actually testing the performance I ran packetgenerator as well as netperf on the servers.
Starting with one server and ending up with all machines sending and receiving. On the bridge I used
vnstat and iptraf to measure the throughput. I also wrote a Perl script which reads the device
counters from /proc to calculate an average.

On my search I found this, which is pretty interesting, but I don't have an Ixia testing device.
http://facweb.cti.depaul.edu/jyu/Publications/Yu-Linux-TSM2004.pdf
Is it worth renting such a device or are there any good ways to create a similar setup?

Why am I not satisfied with my tests? There's a production setup running, which is working at much
higher packet/throughput rates than I was able to reproduce in the lab. This is really bugging me. I
know about the different packet sizes involved when looking at real life traffic.

As I know that performance always depends on the setup, I'd really be interested in your experience
in creating a test setup that is getting as close to real traffic as possible.

Best,

Michael
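
The /proc counter averaging mentioned in the message above, as an added example that is not part of the original post and is not the poster's Perl script: it turns two /proc/net/dev snapshots into average Mbit/s, packets/s, mean packet size and drop counts per bridge port. The snapshot data is constructed, and the 32-bit counter width used to undo a wrap is an assumption.

```python
# Added example (not the poster's Perl script): average rates per bridge port
# from two /proc/net/dev snapshots. Sample data below is constructed.
FIELDS = ("rx_bytes", "rx_packets", "rx_errs", "rx_drop",
          "tx_bytes", "tx_packets", "tx_errs", "tx_drop")
IDX = (0, 1, 2, 3, 8, 9, 10, 11)   # positions of FIELDS among the 16 columns

HEADER = ("Inter-|   Receive                    |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")
# Constructed snapshots taken 10 s apart; eth0 rx_bytes and eth1 tx_bytes wrap.
SNAP_T0 = HEADER + ("  eth0:4294960000 1000000 0 0 0 0 0 0 500000 4000 0 0 0 0 0 0\n"
                    "  eth1: 500000 4000 0 0 0 0 0 0 4294960000 1000000 0 0 0 0 0 0\n")
SNAP_T1 = HEADER + ("  eth0:99992704 1200000 0 150 0 0 0 0 600000 5000 0 0 0 0 0 0\n"
                    "  eth1: 600000 5000 0 0 0 0 0 0 99917704 1199850 0 0 0 0 0 0\n")


def parse_net_dev(text):
    """Map interface name -> dict of the counters named in FIELDS."""
    stats = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, sep, rest = line.partition(":")   # a value may touch the colon
        cols = rest.split()
        if sep and len(cols) >= 16:
            stats[name.strip()] = {f: int(cols[i]) for f, i in zip(FIELDS, IDX)}
    return stats


def rates(snap_old, snap_new, seconds, counter_bits=32):
    """Per-interface averages over the interval. counter_bits is an assumption
    (32 matches unsigned long on a 32-bit kernel) used to undo one wrap."""
    old, new = parse_net_dev(snap_old), parse_net_dev(snap_new)
    result = {}
    for iface in sorted(old.keys() & new.keys()):
        d = {f: (new[iface][f] - old[iface][f]) % (1 << counter_bits)
             for f in FIELDS}
        row = {}
        for side in ("rx", "tx"):
            pkts, byts = d[side + "_packets"], d[side + "_bytes"]
            row[side + "_mbit_s"] = byts * 8 / seconds / 1e6
            row[side + "_pps"] = pkts / seconds
            row[side + "_avg_pkt_bytes"] = byts / pkts if pkts else 0.0
            row[side + "_drop"] = d[side + "_drop"]
        result[iface] = row
    return result


if __name__ == "__main__":
    for iface, row in rates(SNAP_T0, SNAP_T1, 10).items():
        print(iface, row)
```

For a live measurement, pass the contents of /proc/net/dev read at the start and end of the test run, with an interval short enough that a counter wraps at most once.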


