On 2012-09-04, Michel Blais <mic...@targointernet.com> wrote: > I've build a Xeon E3 with Intel i340 ethernet with 82580 chip. > > CPU is use up to 24% on the first core, congestion is now at 0.3/s.
First core..this implies MP. You might do better with UP as having the other cores unused may allow turbo boost to speed things up a bit more. > I still see drops in net.inet.ip.ifq.drops. 1131 drops in 81 hours. > > I'm now trying kern.pool_debug=1 but don't know where the > output will go and can't find anything about the output. Will it > be in dmesg or in a log ? If you do 'show all pools' in ddb you'll get some extra messages if pool corruption was detected, I'm not sure if it shows up anywhere else. It has a big effect on performance, this is why it is only enabled for -current i.e. disabled for releases. > Also I would like to write again my rule but you like to know more > about PF's ruleset optimization mechanisms. I see in pf.conf man > page the following : > > Basic ruleset optimization does four things to improve the > performance of ruleset evaluations: > 1. remove duplicate rules > 2. remove rules that are a subset of another rule > 3. combine multiple rules into a table when advantageous > 4. re-order the rules to improve evaluation performance > > I can handle 1, 2 and 3 fine without the optimisation but for the > order of the rule, is there any doc on how to optimise the order > of the rule order for best performance ? I was also not able to > find anything about this. http://www.undeadly.org/cgi?action=article&sid=20060927091645 is still mostly relevant.
