I guess traffic stops if you have pipe rules.
In test 1, I did:
${fwcmd} pipe 1 config bw 512Kbit/s
${fwcmd} pipe 2 config bw 512Kbit/s
${fwcmd} add _allow_ all from any to any MAC any 00:11:22:33:44:55 in
${fwcmd} add _allow_ all from any to any MAC 00:11:22:33:44:55 any out
x 1600 times.
That caused lots of interrupts. Traffic was flowing although no shaping
was done.
Then, in test 2, with the same rules above, I just flushed the pipes:
ipfw pipe flush
The traffic was there, and the result is what I said in last post...
"."@babolo.ru wrote:
[ Charset ISO-8859-1 unsupported, converting... ]
Very good. You're right!
I inserted a rule to match all non-layer2 packets on the top of the
ruleset and interrupts dropped 10~20% immediately.
Given that, I went to apply Julian's idea of grouping 'in' and 'out'
pipe rules to reduce the searching on the firewall and that gave me a
little bit more of performance.
As interrupts were still hitting 60% mark, I did some more experiences:
Test 1: I changed all 'pipe' rules to 'allow' rules, so all packets were
allowed and no shaping was done. The pipes were still there, but there
were no rules pointing packets to them.
Result: No difference. Interrupts are the same as before.
Conclusion: It's not the shaping itself that slows the system.
Test 2: With the same ruleset of test 1, I just removed all pipes (ipfw
pipe flush).
As far as I understand traffic stops after pipe flush,
and this is reason for CPU goes down
Result: Interrupts were only 20%!
Conclusion: Lots of pipes bother the system. I didn't figure out why,
but it's not a coincidence. I tested several times to make sure.
[...]
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
