Date: Mon, 28 Nov 2005 12:47:27 +0300 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: Vsevolod Lobko <seva@ip.net.ua>, rwatson@FreeBSD.org, net@FreeBSD.org Subject: Re: parallelizing ipfw table Message-ID: <20051128094727.GK25711@cell.sick.ru> In-Reply-To: <20051128062732.GA58778@ip.net.ua> References: <20051127005943.GR25711@cell.sick.ru> <20051127135529.GF25711@cell.sick.ru> <20051127194545.GA76200@ip.net.ua> <20051127195914.GI25711@cell.sick.ru> <20051128062732.GA58778@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 28, 2005 at 08:27:32AM +0200, Ruslan Ermilov wrote: R> > On Sun, Nov 27, 2005 at 09:45:45PM +0200, Ruslan Ermilov wrote: R> > R> Nope, I need this caching. It's for looking up the same table R> > R> several times in a row but with various values. For example, R> > R> we use ipfw tables to route the traffic to the correct dummynet R> > R> pipe, where value is the bandwidth, and this caching helps a lot. R> > R> > Have you benchmarked that this caching is important? On a router R> > that serves a lot of parallel traffic flows the caching is not R> > a benefit, but additional processing. I think we should optimize R> > the code for more loaded environments, since we don't care about R> > CPU consumption in a less loaded setup - whether it is 0.1% or 0.11%. R> > R> I'm talking about the following case: the same packet is R> processed by a firewall ruleset that has N rules that R> look up the same ipfw table but with different "values", R> to select a correct dummynet pipe. I understand this case. But wouldn't it be better to optimise this case by storing the last match on stack in ipfw_chk()? Can you please show me how this ruleset looks like? R> > In general such kind of caching in network code is an old fashion, R> > that causes a problems when we attempt to make code more R> > parallelizable. We alreade removed rtcache in ip_output.c rev. 1.201 R> > and we will soon remove route caching in gif(4), because it causes R> > problems on SMP. R> > R> > Can you try my patch? Since it reduces the total number of mutex R> > operations it should be a win on UP, too. R> > R> We're currently based on 4.x. You can try it yourself: create R> a table with 10000 entries and with value 13. Then write a R> ruleset with 13 rules that look up this table so that the last R> rule looks it up with value 13, and do a benchmark. Let me R> know what are results with and without caching. Such kind of firewall looks like unoptimized. Why should we optimize the code for non-optimized setups. Can't we avoid looking into one table 13 times each packet? -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051128094727.GK25711>