Date: Mon, 22 Sep 2014 22:39:45 +0200 From: Elof Ofel <elofu17@hotmail.com> To: Adrian Chadd <adrian@freebsd.org> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: RE: How do I balance bandwidth over several virtual NICs? Message-ID: <DUB125-W51623651A926D99844D879BCB30@phx.gbl> In-Reply-To: <CAJ-Vmo=NGGkOkPWQKZ=3gA3vYYyM2kcjd3m85ymdJY3q4ixxLw@mail.gmail.com> References: <DUB125-W13FDC584F5DF9881CF5FDEBCB30@phx.gbl>, <CA%2BP_MZGA_uz_H_QsB%2BdgXEgbXNCjv7w-OToKby=ww%2BvKgnU4_Q@mail.gmail.com>, <DUB125-W851F972702452D9809C8E5BCB30@phx.gbl>, <CAJ-Vmo=NGGkOkPWQKZ=3gA3vYYyM2kcjd3m85ymdJY3q4ixxLw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Adrian! Now this sounds promising! All my sensors use the ixgbe driver. However=2C my skills in programming/compiling isn't vast. I know how to pat= ch and use poudriere. That's about it. I must admit I don't really understand what you mean with "patch it to use = a symmetric RSS key"=2C but it sounds like the functionality I'm looking fo= r is not yet there in the driver. If we assume that someone in the future write and submit the above into the= ixgbe driver=2C could I be so bold as to ask you for a commandline/configu= ration example (a brief guide) of how one would setup netmap and how to con= figure it to use the RX-queues? That way I can start playing around with netmap and learning it while I wai= t for the ixgbe driver to be updated... I've got two professional programme= r colleagues who've dealt extensively with e.g. the libnids and pfring sour= ce code=2C so if I get a grasp of how to setup netmap=2C and I find it inte= resting=2C it is likely that they can dive into and fix the ixgbe driver an= d improve it as per above. So please=2C can you help me with a "netmap guid= e"? When I try to find documentation or examples of how to setup netmap I find = none. Not even the netmap-enabled pcaplib contain any information as how to= use it. I'm no programmer=2C so showing me different C structs for deliver= ing data is of no use. :-/=20 I would very much like to improve the ixgbe driver and give back to the Fre= eBSD community rather than scrap FreeBSD and move to Linux and PF-RING. /Elof > Date: Mon=2C 22 Sep 2014 12:46:01 -0700 > Subject: Re: How do I balance bandwidth over several virtual NICs? > From: adrian@freebsd.org > To: elofu17@hotmail.com > CC: nike_d@cytexbg.com=3B freebsd-net@freebsd.org >=20 > Hi=2C >=20 > Yes. >=20 > * grab an ixgbe NIC and the -HEAD driver=3B (or cxgbe - I haven't gone > and written RSS programming code for that just yet)=3B > * patch it to use a symmetric RSS key=3B > * configure up N queues=3B > * run an instance of snort on each TX/RX ring from the NIC. >=20 > The last step requires that you have snort use netmap rather than just > straight bpf - or maybe somehow there's a way to glue bpf into a > single netmap ring. >=20 > I haven't wrapped all of this up and thrown it into FreeBSD-HEAD yet=2C > but i know that a symmetric RSS key works fine on 82599 hardware with > a fixed driver. >=20 >=20 > -a >=20 >=20 > On 22 September 2014 12:06=2C Elof Ofel <elofu17@hotmail.com> wrote: > > Hi Nikolay. > > > > Unfortunetly no=2C that's not a solution. > > mon0 could in theory be a bridge0 with four 10 GE interfaces =3D 40 Gbp= s theoretical input that need to be distributed over multiple virtual NICs.= Also=2C I have no control of the mirrored traffic=2C so it would be hard f= or me to build and maintain bpf filters that tries to roughly balance the b= andwidth load. > > > > Any other suggestions? > > > > /Elof > > > >> Date: Mon=2C 22 Sep 2014 18:45:28 +0200 > >> Subject: Re: How do I balance bandwidth over several virtual NICs? > >> From: nike_d@cytexbg.com > >> To: elofu17@hotmail.com > >> CC: freebsd-net@freebsd.org > >> > >> On Mon=2C Sep 22=2C 2014 at 5:12 PM=2C Elof Ofel <elofu17@hotmail.com>= wrote: > >> > I have a single NIC=2C mon0=2C that constantly receive 800 Mbps of m= irrored traffic. > >> > I want to split these 800 Mbps into smaller chunks and feed them to = a couple of virtual interfaces. > >> > Each virtual interface can then have instance of 'snort' inspecting = its traffic. > >> > > >> > Say approximately 200 Mbps per interface =3D four interfaces. > >> > That way=2C each of the four snort processes only get 200 Mbps of da= ta to inspect instead of having *one* single snort process (single-threaded= ) trying to cope with 800 Mbps. > >> > > >> > (the problem I'm trying to solve is utilizing all cpu's. Currently o= ne cpu runs snort at 100% while all the other cpu's idle.) > >> > > >> > > >> > The important thing though is that all packets in the connection nee= d to be diverted to the same virtual NIC. You can't send the SYN to NIC0 an= d the SYN-ACK to NIC1=2C 'cause then neither snort-process-0 nor snort-proc= ess-1 see the other side of the connection. > >> > The loadbalancing must be based on a hash built from at least the ma= c-addresses+IP-addresses. > >> > > >> > > >> > So=2C what I think I'm looking for is a way to configure a lagg0 int= erface in loadbalance mode=2C that take all the incoming traffic on mon0 an= d distribute it over four virtual member NICs. (these four NICs would then = probably be configured to run in monitor mode.) > >> > > >> > > >> > Do FreeBSD support what I'm looking for? How do I do it? Where shoul= d I look? > >> > > >> > /Elof > >> > > >> > _______________________________________________ > >> > freebsd-net@freebsd.org mailing list > >> > http://lists.freebsd.org/mailman/listinfo/freebsd-net > >> > To unsubscribe=2C send any mail to "freebsd-net-unsubscribe@freebsd.= org" > >> > >> Since this is below one Gig=2C would running separate snort processes = on > >> mon0 and using a BPF filter to split traffic work? > >> > >> --Nikolay > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe=2C send any mail to "freebsd-net-unsubscribe@freebsd.org= " =
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DUB125-W51623651A926D99844D879BCB30>