On Wed, Aug 7, 2013 at 11:44 AM, Florian Obser <flor...@narrans.de> wrote: > On Wed, Aug 07, 2013 at 10:26:22AM -0400, Maxim Khitrov wrote: >> Hi all, >> >> I'm looking for performance measuring and tuning advice for 10 gigabit >> Ethernet. I have a pair of Lanner FW-8865 systems that will be used as >> firewalls for the local network. > [...] >> The initial iperf runs couldn't go beyond ~3.2 Gbps: > > you expect a lot of localy generated traffic on your firewall? > (if the answer is no, why are you testing that?)
No :) But it was the first step until I have a third system with a 10GbE port. I have 15 Intel X540-T2 cards waiting to be installed. Once I have another server that can generate the traffic, I'll test the forwarding performance with pf enabled. > [...] >> Increasing the MTU on both ix0 interfaces to 9000 gives me ~7.2 Gbps: > > you expect a lot of jumbo frames in front of / behind your firewall? > (if the answer is no, why are you testing that?) It's a possibility. What this tells me, however, is that the the throughput isn't the (main) problem. The per-packet processing overhead appears to be the limiting factor, which is why I asked about checksum offloading. > anyway, I was testing an Intel 82599 system in July which will become > a border router. All of this is forwarding rate; it took me 2 days to > beg, borrow and steal enough hw to actually generate the traffic. (I > had 4 systems in front of and 4 systems behind the router, all doing > 1Gb/s) What tools were you using to generate the traffic and to calculate bytes/packets per second? I assume interrupts per second came from systat?
