Date: Thu, 25 Apr 2013 11:31:53 -0700 From: Adrian Chadd <adrian@freebsd.org> To: Erich Weiler <weiler@soe.ucsc.edu> Cc: Kajetan Staszkiewicz <vegeta@tuxpowered.net>, freebsd-net@freebsd.org Subject: Re: pf performance? Message-ID: <CAJ-Vmom9AcEGKYHNDBkJ_yUo4%2BbMrbxfbLBV6HrUD2UW_0_crw@mail.gmail.com> In-Reply-To: <517974DA.5090809@soe.ucsc.edu> References: <5176E5C1.9090601@soe.ucsc.edu> <201304240134.22740.vegeta@tuxpowered.net> <517974DA.5090809@soe.ucsc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
... please ask the pfsense guys to either migrate to -9, or backport the -head pf (with the locking fixes!) to -8 for that. Otherwise you're very likely going to be wasting time on something you can't really push that much harder. ADrian On 25 April 2013 11:24, Erich Weiler <weiler@soe.ucsc.edu> wrote: >> As far as I understand, processing of packets by pf takes place in >> receiving >> network card's interrupt handler even up to sending the packet via another >> network card (at least in my case, when using route-to targets, which make >> routing inside pf). > > > That's interesting. So even though pf is giant locked, you can still scale > the maximum capacity of your firewall, in this case, simply by adding more > CPU cores? To handle the extra interrupts? So more cores = more packets > per second, if you give each extra core an additional interrupt queue? > > >> How do you count the 140kpps value? One interface, both, in, out? I'd like >> to >> relate this somehow to my values. > > > Well, generally we see 80kpps rx and 40kpps tx. But I have seen the rx > spike to 150kpps occasionally. This is a pfSense box, which includes RRD > graphs of packet rates, that's how I'm getting the number. I'm not sure how > they are obtaining that metric under the hood. But we have not disabled HT > and some other items, so that number will change is my guess. We also may > add another CPU die to the mix to see if we can add interrupt queues to more > cores to increase performance. > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmom9AcEGKYHNDBkJ_yUo4%2BbMrbxfbLBV6HrUD2UW_0_crw>