New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Very slow to IPSet() from a large source, and very slow to go though iter_cidrs() as well #152
Comments
Which version of netaddr are you using? Newer versions tend to be more optimized for larger data sets like yours. I also recall that version 0.7.18 had a big performance improvement for IPSet. |
I was running a older version, but upgraded github trunk latest commit date of : Sun Jan 22 23:47:00 2017 commit : 4205371 before doing these test and posting here |
I tried to reproduce loading 850,000 entries from a blacklist into an IPSet with this code:
With netaddr 0.7.19 this takes
If you have a very slow CPU, you might get up to 68 seconds. That's mostly because netaddr focusses on flexibility (IPv4/6, allowing individual IPs or whole networks). And because 850k IPs is quite a bit. I also built a quick benchmark to reproduce the entire process. One thing I noticed is that |
Well it not running on latest hardware for sure on my end;) 850k is a lot... But Sadly, that the average number of IP I need to block on my firewall :( Trying to work around it, but would be great if it could be made quicker. |
I got a script that load from multiple db IP address that are considered infected in some way.
It take about 3.5 minute for my python script to run,
It take 5 second to load the data into an array in python from a remote database (850 000 entry).
I got 1287 IP in a array(whitelist), which took 45millisecond to load using IPset(listhere)
I also got 850 000 IP in a array(blacklist), which took 68 second to load using IPset(listhere).
It then took 75second to remove the whitelist entry from the blacklist.
And it took 34 second to go though iter_cidrs()
Are these time considered acceptable ? Should I look at some other library ?
My goal is to create a shorten list of IP/Mask that I can feed to linux ipset and block those IP.
The text was updated successfully, but these errors were encountered: