From: Ian FREISLICH
To: Robert Watson
Cc: pf@freebsd.org, current@freebsd.org
Date: Tue, 18 Aug 2009 12:57:59 +0200
Subject: Re: packet forwarding/firewall performance question

Robert Watson wrote:
>
> On Thu, 13 Aug 2009, Tom Uffner wrote:
>
> > i'm hoping a few people will give me estimates on what kind of
> > throughput i should theoretically expect before i provide any actual
> > test data. also, any suggestions on tuning would be welcome.
> >
> > so far in preliminary tests, enabling polling on the network
> > interfaces reduces my performance slightly both to/from and through
> > the box. net.inet.ip.fastforwarding doesn't seem to make much
> > difference either way but i haven't done very thorough testing of
> > it. increasing net.inet.tcp.sendbuf_max & recvbuf_max may have
> > helped, but again, not sufficiently tested.
>
> I can't speak to absolute numbers, but I wouldn't expect
> net.inet.tcp.* changes to make any difference, as they should affect
> only locally terminated sockets on the firewall host, not forwarded
> packets.
>
> You might want to try experimenting with net.isr.direct -- try setting
> it to 0, as this changes the kernel dispatch model for the network
> stack. On a UP box, I would probably anticipate a performance loss
> for making that change, or similar configuration changes for multiple
> netisr threads using net.isr.maxthreads.
>
> If you're using firewall code, fast forwarding is unlikely
> to make a difference. Depending on the cache/memory/CPU
> trade-off, you might find turning off flowtable support helps --
> net.inet.flowtable.enable=0.

I found that forwarding made a fantastic difference to the forwarding
rate in the past. Even with firewalling - was the difference between
38kpps and 500kpps using RTL8110 gigE interfaces. Perhaps I need to
retest the effect on a modern FreeBSD.

As to the OP, on a VIA Epia LN - C7-1GHz with vr interfaces maxed out
at 100Mbit/s. Putting gigE interfaces in the PCI slot made no
difference. The bottle-neck appeared to be the number of interrupts
the cards generated and the amount of time servicing interrupts, which
was not affected by polling(4).

Ian

--
Ian Freislich