On 16 Jul 2020, at 9:57, Patrick Lamaiziere wrote:
On Wed, 15 Jul 2020 17:07:23 +0700
Eugene Grosbein <eu...@grosbein.net> wrote:
Hello,
That is mostly for the record but it looks like the intel X520 is
not very good and generates a high level of interrupts.
On a router / firewall with 500 Kpps in input (dropped by pf) is
enough to put the CPUs at 100% busy.
[skip]
Well, do you think another NIC cards can help to reach a better pps
rate ? I think 500 Kpps is quite low for such a machine.
I'm sure pf is the bottle-neck. Try testing such card without any
packet filter enabled and you'll see great difference definitely.
That's not a good news as I don't see how to simplify the ruleset :(
But thanks anyway :)
I’d strongly recommend that you look at Olivier’s recommended tools
(specifically pmcstat) to try to diagnose the bottleneck.
I see no reason to assume this must be pf (it’s possible, but I see no
specific evidence for it).
On this hardware I’d expect pf to be able to push around 3.5Mpps. Even
a single core system (or in a situation where you end up with a lock of
lock contention) it should be able to do 1.5-1.8Mpps.
Best regards,
Kristof
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
