>> "The OpenBSD kernel and network stack still do run only on CPU0, so if all you plan to do is
>> use PF to filter traffic, then you are indeed better off disabling HTT."

Thanks. That's the piece of info I needed, as (at least per current plans) 95% of the machine's time will be in PF-land, with few or no userland programs besides the occasional log-muncher.

I do understand the ruleset for PF has changed, and then changed again, in the intervening years. I planned to start from scratch with my rules, not try to port anything from the old system except as a "don't forget to allow this" kind of reminder.

thx
D

On Thu, Mar 7, 2013 at 8:51 PM, System Administrator <ad...@bitwise.net> wrote:

> On 7 Mar 2013 at 20:24, David Ruggiero wrote:
>
> > I've been using OpenBSD for 8+ years on my main router/firewall (4 NICs).
> > Time to upgrade (I'm back on v3.8, yikes). Past time, really. So....lots to
> > learn / re-learn here. Have patience. First question:
> >
> > I'll be loading 5.2 on a low-power, Atom E640-based box (the Soekris
> > net6501). That chip has two Hyperthreading cores. Several net-references
> > (esp. ca**mel.org ) advocate turning off HTT in the bios when using OpenBSD
> > for faster interrupt servicing / task switching latency.
> >
> > But....perhaps that advice is pre-5.2, when we got pthreads(3) support?
> > What's the best current advice for that kind of one-cpu,
> > multi-logical-thread system?
> >
> > 1) Single processor kernel or multi-processor (smp) kernel?
> > 2) If the latter, HTT turned on or off?
> >
> > Thanks.
> > Bonnie
> >
>
> First thing first, read, read, and re-read the official documentation.
> Many things changed in the intervening years, in particular, PF
> configuration syntax has changed a fair bit.
>
> Do note that unlike the Linux world where you have to dig for third
> party "how-to"s, OpenBSD official documentation is very complete and up
> to date. Which is one of the reasons the website you referenced is
> frowned upon as most of its "information" is either out of date or
> simply wrong. That said, the particular point you bring up may still be
> valid -- much depends on your specific situation.
>
> Whether or not to use hyperthreading and multiprocessor (MP) kernel
> depends on the workload of your firewall. The OpenBSD kernel and
> network stack still do run only on CPU0, so if all you plan to do is
> use PF to filter traffic, then you are indeed better off disabling HTT.
> However, if your firewall is also going to be running a fair amount of
> userland processes (e.g. your website with db backend) then you may
> well benefit from multiprocessor support.