On Fri, Jun 21, 2024 at 11:11:15AM -0600, R C wrote:
On 6/20/24 08:45, Eric Garver wrote:
On Mon, Jun 17, 2024 at 11:58:49AM -0600, R C wrote:
Hello,
I was wondering, in high performance environments (high compute loads, high bandwidth loads (IB)), is it a concern to run a firewall for network performance reasons? Also, with high compute loads, I heard/read a rumor that a firewall might actually cap traffic?
The actual packet processing uses nftables in the kernel. Established connections are short circuited and thus skip most of the rule set. In other words, it's as fast as rolling your own nftables rule set.
Forwarded traffic can also be accelerated via flowtable. This should offer line rate forwarding.
I am wondering, if there are some known metrics, or examples so one could create some rough estimates of possible performance loss?
I'm not exactly sure what you're asking for.
To benchmark your network you could use tools like iperf3 or netperf.
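
The two fast paths described in the thread (established connections accepted early, forwarded flows offloaded to a flowtable), written out as a hand-rolled nftables rule set. This is an added example, not part of the original messages and not the rule set firewalld generates; the table name `example_fw`, the interfaces `eth0`/`eth1` and the SSH port are assumptions.

```nftables
# Added example. Table name, interface names and port are assumed values.
table inet example_fw {
    # Flowtable: once a forwarded connection is established, its packets
    # are handled at the ingress hook and bypass the forward chain.
    flowtable ft {
        hook ingress priority 0
        devices = { eth0, eth1 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Fast path: packets of known connections match the first rule
        # and never reach the per-service rules below.
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # Only the first packet of a new connection is evaluated here.
        tcp dport 22 ct state new accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Register TCP/UDP flows for flowtable acceleration.
        meta l4proto { tcp, udp } flow add @ft

        # Fast path for forwarded traffic that is not offloaded.
        ct state established,related accept

        # New connections are allowed in one direction only.
        iifname "eth0" oifname "eth1" ct state new accept
    }
}
```

Measuring throughput with iperf3 or netperf once with this rule set loaded and once without gives a rough estimate of the per-packet cost on a given host.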