From owner-freebsd-questions  Tue Oct  8 20:41:51 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id D4C0A37B401; Tue,  8 Oct 2002 20:41:49 -0700 (PDT)
Received: from bunyip.cc.uq.edu.au (bunyip.cc.uq.edu.au [130.102.2.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6A96543E6A; Tue,  8 Oct 2002 20:41:48 -0700 (PDT)
	(envelope-from csmith@its.uq.edu.au)
Received: from [130.102.152.68] (tobermory.its.uq.edu.au [130.102.152.68])
	by bunyip.cc.uq.edu.au (8.9.3/8.9.3) with ESMTP id NAA31226;
	Wed, 9 Oct 2002 13:41:47 +1000 (GMT+1000)
User-Agent: Microsoft-Entourage/10.0.0.1309
Date: Wed, 09 Oct 2002 13:41:38 +1000
Subject: High interrupt load on firewalls
From: Christopher Smith <csmith@its.uq.edu.au>
To: <questions@freebsd.org>
Cc: <hardware@freebsd.org>, <net@freebsd.org>
Message-ID: <B9C9E292.30E56%csmith@its.uq.edu.au>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

We have two firewalls sitting on gigabit links.  Each has 2 Netgear GA620
(ti driver) fibre cards with about 7 vlans spread across them.  Both these
machines run at *very* high interrupt loads (95 - 100% during business hours
(mostly 100%), 80 - 90 % during off hours).  They are 1GHz P3 machines (Dell
1550s) with 256MB of RAM.  They're actually dual machines, but enabling the
second CPU doesn't help in terms of load, it just halves the numbers top
reports.

Obviously, these machines process a lot of traffic.  However, the interrupt
load seems to me to be very, very high and the main reason we are seeing
such high rates of packet loss (up to 10%, constantly) through these
machines - is there any way it can be lessened, either with a better driver,
different network cards, or some other way ?  We are currently testing with
a dual 2.4GHz P4 (Dell 2650) using the same network cards, and are peaking
at around 40% (really 80%).  However, that doesn't seem to leave much room
to grow, and it's a very expensive way to ease the load.

Will FreeBSD 5.0 be able to spread the interrupts across both CPUs ?  Is
this high interrupt load a problem with the driver, the hardware, FreeBSD
itself, or is it something that is normal ?

What hardware are other people using to firewall high-volume gigabit links ?

-- 
+- Christopher Smith, Systems Administrator ------------------------------+
|  Server & Security Group, Information Technology Services               |
|  The University of Queensland, Brisbane, Australia, 4072                |
+- Ph +61 7 3365 4046 | email csmith@its.uq.edu.au | Fax +61 7 3365 4065 -+


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message